arcade-mcp/toolkits/datadog_api/arcade_datadog_api/wrapper_tools/ValidatePipelineConfig.json
jottakka f05560bbf4
[MOAR][DATADOG] Adding DataDog starter toolkit (+590) (#633)
Co-authored-by: Francisco Liberal <francisco@arcade.dev>
2025-10-20 15:49:48 -03:00

262 lines
291 KiB
JSON

{
"name": "ValidatePipelineConfig",
"fully_qualified_name": "DatadogApi.ValidatePipelineConfig@0.1.0",
"description": "Validate a pipeline configuration without making changes.\n\nUse this tool to check the correctness of a pipeline configuration in Datadog. It helps identify any potential errors without altering existing resources.",
"toolkit": {
"name": "ArcadeDatadogApi",
"description": null,
"version": "0.1.0"
},
"input": {
"parameters": [
{
"name": "pipeline_config",
"required": true,
"description": "JSON object containing the pipeline's configuration, including its name, type, sources, processors, and destinations.",
"value_schema": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"data": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"attributes": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"config": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"destinations": {
"val_type": "array",
"inner_val_type": "json",
"enum": null,
"properties": null,
"inner_properties": {},
"description": "A list of destination components where processed logs are sent."
},
"processors": {
"val_type": "array",
"inner_val_type": "json",
"enum": null,
"properties": null,
"inner_properties": {},
"description": "A list of processors that transform or enrich log data."
},
"sources": {
"val_type": "array",
"inner_val_type": "json",
"enum": null,
"properties": null,
"inner_properties": {},
"description": "A list of configured data sources for the pipeline."
}
},
"inner_properties": null,
"description": "Specifies the pipeline's configuration, including its sources, processors, and destinations."
},
"name": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "Name of the pipeline."
}
},
"inner_properties": null,
"description": "Defines the pipeline\u2019s name and its components (sources, processors, and destinations)."
},
"type": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The resource type identifier. For pipeline resources, this should always be set to `pipelines`."
}
},
"inner_properties": null,
"description": "Contains the the pipeline configuration."
}
},
"inner_properties": null,
"description": ""
},
"inferrable": true,
"http_endpoint_parameter_name": "requestBody"
}
]
},
"output": {
"description": "Response from the API endpoint 'ValidatePipeline'.",
"available_modes": [
"value",
"error",
"null"
],
"value_schema": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": null
}
},
"requirements": {
"authorization": null,
"secrets": [
{
"key": "DATADOG_API_KEY"
},
{
"key": "DATADOG_APPLICATION_KEY"
},
{
"key": "DATADOG_BASE_URL"
}
],
"metadata": null
},
"deprecation_message": null,
"metadata": {
"object_type": "api_wrapper_tool",
"version": "1.1.0",
"description": "Tools that enable LLMs to interact directly with the Datadog API."
},
"http_endpoint": {
"metadata": {
"object_type": "http_endpoint",
"version": "1.2.0",
"description": ""
},
"url": "https://{datadog_base_url}/api/v2/remote_config/products/obs_pipelines/pipelines/validate",
"http_method": "POST",
"headers": {},
"parameters": [
{
"name": "requestBody",
"tool_parameter_name": "pipeline_config",
"description": "",
"value_schema": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"data": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"attributes": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"config": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": {
"destinations": {
"val_type": "array",
"inner_val_type": "json",
"enum": null,
"properties": null,
"inner_properties": {},
"description": "A list of destination components where processed logs are sent."
},
"processors": {
"val_type": "array",
"inner_val_type": "json",
"enum": null,
"properties": null,
"inner_properties": {},
"description": "A list of processors that transform or enrich log data."
},
"sources": {
"val_type": "array",
"inner_val_type": "json",
"enum": null,
"properties": null,
"inner_properties": {},
"description": "A list of configured data sources for the pipeline."
}
},
"inner_properties": null,
"description": "Specifies the pipeline's configuration, including its sources, processors, and destinations."
},
"name": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "Name of the pipeline."
}
},
"inner_properties": null,
"description": "Defines the pipeline\u2019s name and its components (sources, processors, and destinations)."
},
"type": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The resource type identifier. For pipeline resources, this should always be set to `pipelines`."
}
},
"inner_properties": null,
"description": "Contains the the pipeline configuration."
}
},
"inner_properties": null,
"description": ""
},
"accepted_as": "body",
"required": true,
"deprecated": false,
"default": null,
"documentation_urls": []
}
],
"documentation_urls": [],
"secrets": [
{
"arcade_key": "DATADOG_API_KEY",
"parameter_name": "DD-API-KEY",
"accepted_as": "header",
"formatted_value": null,
"description": "",
"is_auth_token": false
},
{
"arcade_key": "DATADOG_APPLICATION_KEY",
"parameter_name": "DD-APPLICATION-KEY",
"accepted_as": "header",
"formatted_value": null,
"description": "",
"is_auth_token": false
},
{
"arcade_key": "DATADOG_BASE_URL",
"parameter_name": "datadog_base_url",
"accepted_as": "path",
"formatted_value": null,
"description": "",
"is_auth_token": false
}
],
"request_body_spec": "{\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"description\": \"Input schema representing an observability pipeline configuration. Used in create and validate requests.\",\n \"properties\": {\n \"data\": {\n \"description\": \"Contains the the pipeline configuration.\",\n \"properties\": {\n \"attributes\": {\n \"description\": \"Defines the pipeline\\u2019s name and its components (sources, processors, and destinations).\",\n \"properties\": {\n \"config\": {\n \"description\": \"Specifies the pipeline's configuration, including its sources, processors, and destinations.\",\n \"properties\": {\n \"destinations\": {\n \"description\": \"A list of destination components where processed logs are sent.\",\n \"example\": [\n {\n \"id\": \"datadog-logs-destination\",\n \"inputs\": [\n \"filter-processor\"\n ],\n \"type\": \"datadog_logs\"\n }\n ],\n \"items\": {\n \"description\": \"A destination for the pipeline.\",\n \"oneOf\": [\n {\n \"description\": \"The `datadog_logs` destination forwards logs to Datadog Log Management.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"datadog-logs-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"datadog_logs\",\n \"description\": \"The destination type. The value should always be `datadog_logs`.\",\n \"enum\": [\n \"datadog_logs\"\n ],\n \"example\": \"datadog_logs\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DATADOG_LOGS\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `amazon_s3` destination sends your logs in Datadog-rehydratable format to an Amazon S3 bucket for archiving.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"AWS authentication credentials used for accessing AWS services such as S3.\\nIf omitted, the system\\u2019s default credentials are used (for example, the IAM role and environment variables).\",\n \"properties\": {\n \"assume_role\": {\n \"description\": \"The Amazon Resource Name (ARN) of the role to assume.\",\n \"type\": \"string\"\n },\n \"external_id\": {\n \"description\": \"A unique identifier for cross-account role assumption.\",\n \"type\": \"string\"\n },\n \"session_name\": {\n \"description\": \"A session identifier used for logging and tracing the assumed role session.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"bucket\": {\n \"description\": \"S3 bucket name.\",\n \"example\": \"error-logs\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"Unique identifier for the destination component.\",\n \"example\": \"amazon-s3-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"key_prefix\": {\n \"description\": \"Optional prefix for object keys.\",\n \"type\": \"string\"\n },\n \"region\": {\n \"description\": \"AWS region of the S3 bucket.\",\n \"example\": \"us-east-1\",\n \"type\": \"string\"\n },\n \"storage_class\": {\n \"description\": \"S3 storage class.\",\n \"enum\": [\n \"STANDARD\",\n \"REDUCED_REDUNDANCY\",\n \"INTELLIGENT_TIERING\",\n \"STANDARD_IA\",\n \"EXPRESS_ONEZONE\",\n \"ONEZONE_IA\",\n \"GLACIER\",\n \"GLACIER_IR\",\n \"DEEP_ARCHIVE\"\n ],\n \"example\": \"STANDARD\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"STANDARD\",\n \"REDUCED_REDUNDANCY\",\n \"INTELLIGENT_TIERING\",\n \"STANDARD_IA\",\n \"EXPRESS_ONEZONE\",\n \"ONEZONE_IA\",\n \"GLACIER\",\n \"GLACIER_IR\",\n \"DEEP_ARCHIVE\"\n ]\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"amazon_s3\",\n \"description\": \"The destination type. Always `amazon_s3`.\",\n \"enum\": [\n \"amazon_s3\"\n ],\n \"example\": \"amazon_s3\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AMAZON_S3\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"bucket\",\n \"region\",\n \"storage_class\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `google_cloud_storage` destination stores logs in a Google Cloud Storage (GCS) bucket.\\nIt requires a bucket name, GCP authentication, and metadata fields.\",\n \"properties\": {\n \"acl\": {\n \"description\": \"Access control list setting for objects written to the bucket.\",\n \"enum\": [\n \"private\",\n \"project-private\",\n \"public-read\",\n \"authenticated-read\",\n \"bucket-owner-read\",\n \"bucket-owner-full-control\"\n ],\n \"example\": \"private\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"PRIVATE\",\n \"PROJECTNOT_PRIVATE\",\n \"PUBLICNOT_READ\",\n \"AUTHENTICATEDNOT_READ\",\n \"BUCKETNOT_OWNERNOT_READ\",\n \"BUCKETNOT_OWNERNOT_FULLNOT_CONTROL\"\n ]\n },\n \"auth\": {\n \"description\": \"GCP credentials used to authenticate with Google Cloud Storage.\",\n \"properties\": {\n \"credentials_file\": {\n \"description\": \"Path to the GCP service account key file.\",\n \"example\": \"/var/secrets/gcp-credentials.json\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"credentials_file\"\n ],\n \"type\": \"object\"\n },\n \"bucket\": {\n \"description\": \"Name of the GCS bucket.\",\n \"example\": \"error-logs\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"Unique identifier for the destination component.\",\n \"example\": \"gcs-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"key_prefix\": {\n \"description\": \"Optional prefix for object keys within the GCS bucket.\",\n \"type\": \"string\"\n },\n \"metadata\": {\n \"description\": \"Custom metadata to attach to each object uploaded to the GCS bucket.\",\n \"items\": {\n \"description\": \"A custom metadata entry.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The metadata key.\",\n \"example\": \"environment\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"The metadata value.\",\n \"example\": \"production\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"value\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"storage_class\": {\n \"description\": \"Storage class used for objects stored in GCS.\",\n \"enum\": [\n \"STANDARD\",\n \"NEARLINE\",\n \"COLDLINE\",\n \"ARCHIVE\"\n ],\n \"example\": \"STANDARD\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"STANDARD\",\n \"NEARLINE\",\n \"COLDLINE\",\n \"ARCHIVE\"\n ]\n },\n \"type\": {\n \"default\": \"google_cloud_storage\",\n \"description\": \"The destination type. Always `google_cloud_storage`.\",\n \"enum\": [\n \"google_cloud_storage\"\n ],\n \"example\": \"google_cloud_storage\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"GOOGLE_CLOUD_STORAGE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"bucket\",\n \"auth\",\n \"storage_class\",\n \"acl\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `splunk_hec` destination forwards logs to Splunk using the HTTP Event Collector (HEC).\",\n \"properties\": {\n \"auto_extract_timestamp\": {\n \"description\": \"If `true`, Splunk tries to extract timestamps from incoming log events.\\nIf `false`, Splunk assigns the time the event was received.\",\n \"example\": true,\n \"type\": \"boolean\"\n },\n \"encoding\": {\n \"description\": \"Encoding format for log events.\",\n \"enum\": [\n \"json\",\n \"raw_message\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"JSON\",\n \"RAW_MESSAGE\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"splunk-hec-destination\",\n \"type\": \"string\"\n },\n \"index\": {\n \"description\": \"Optional name of the Splunk index where logs are written.\",\n \"example\": \"main\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"sourcetype\": {\n \"description\": \"The Splunk sourcetype to assign to log events.\",\n \"example\": \"custom_sourcetype\",\n \"type\": \"string\"\n },\n \"type\": {\n \"default\": \"splunk_hec\",\n \"description\": \"The destination type. Always `splunk_hec`.\",\n \"enum\": [\n \"splunk_hec\"\n ],\n \"example\": \"splunk_hec\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SPLUNK_HEC\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `sumo_logic` destination forwards logs to Sumo Logic.\",\n \"properties\": {\n \"encoding\": {\n \"description\": \"The output encoding format.\",\n \"enum\": [\n \"json\",\n \"raw_message\",\n \"logfmt\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"JSON\",\n \"RAW_MESSAGE\",\n \"LOGFMT\"\n ]\n },\n \"header_custom_fields\": {\n \"description\": \"A list of custom headers to include in the request to Sumo Logic.\",\n \"items\": {\n \"description\": \"Single key-value pair used as a custom log header for Sumo Logic.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The header field name.\",\n \"example\": \"X-Sumo-Category\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"The header field value.\",\n \"example\": \"my-app-logs\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"value\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"header_host_name\": {\n \"description\": \"Optional override for the host name header.\",\n \"example\": \"host-123\",\n \"type\": \"string\"\n },\n \"header_source_category\": {\n \"description\": \"Optional override for the source category header.\",\n \"example\": \"source-category\",\n \"type\": \"string\"\n },\n \"header_source_name\": {\n \"description\": \"Optional override for the source name header.\",\n \"example\": \"source-name\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"sumo-logic-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"sumo_logic\",\n \"description\": \"The destination type. The value should always be `sumo_logic`.\",\n \"enum\": [\n \"sumo_logic\"\n ],\n \"example\": \"sumo_logic\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SUMO_LOGIC\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `elasticsearch` destination writes logs to an Elasticsearch cluster.\",\n \"properties\": {\n \"api_version\": {\n \"description\": \"The Elasticsearch API version to use. Set to `auto` to auto-detect.\",\n \"enum\": [\n \"auto\",\n \"v6\",\n \"v7\",\n \"v8\"\n ],\n \"example\": \"auto\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AUTO\",\n \"V6\",\n \"V7\",\n \"V8\"\n ]\n },\n \"bulk_index\": {\n \"description\": \"The index to write logs to in Elasticsearch.\",\n \"example\": \"logs-index\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"elasticsearch-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"elasticsearch\",\n \"description\": \"The destination type. The value should always be `elasticsearch`.\",\n \"enum\": [\n \"elasticsearch\"\n ],\n \"example\": \"elasticsearch\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"ELASTICSEARCH\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `rsyslog` destination forwards logs to an external `rsyslog` server over TCP or UDP using the syslog protocol.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"rsyslog-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"keepalive\": {\n \"description\": \"Optional socket keepalive duration in milliseconds.\",\n \"example\": 60000,\n \"format\": \"int64\",\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"rsyslog\",\n \"description\": \"The destination type. The value should always be `rsyslog`.\",\n \"enum\": [\n \"rsyslog\"\n ],\n \"example\": \"rsyslog\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"RSYSLOG\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `syslog_ng` destination forwards logs to an external `syslog-ng` server over TCP or UDP using the syslog protocol.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"syslog-ng-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"keepalive\": {\n \"description\": \"Optional socket keepalive duration in milliseconds.\",\n \"example\": 60000,\n \"format\": \"int64\",\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"syslog_ng\",\n \"description\": \"The destination type. The value should always be `syslog_ng`.\",\n \"enum\": [\n \"syslog_ng\"\n ],\n \"example\": \"syslog_ng\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SYSLOG_NG\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `azure_storage` destination forwards logs to an Azure Blob Storage container.\",\n \"properties\": {\n \"blob_prefix\": {\n \"description\": \"Optional prefix for blobs written to the container.\",\n \"example\": \"logs/\",\n \"type\": \"string\"\n },\n \"container_name\": {\n \"description\": \"The name of the Azure Blob Storage container to store logs in.\",\n \"example\": \"my-log-container\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"azure-storage-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"processor-id\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"azure_storage\",\n \"description\": \"The destination type. The value should always be `azure_storage`.\",\n \"enum\": [\n \"azure_storage\"\n ],\n \"example\": \"azure_storage\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AZURE_STORAGE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"container_name\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `microsoft_sentinel` destination forwards logs to Microsoft Sentinel.\",\n \"properties\": {\n \"client_id\": {\n \"description\": \"Azure AD client ID used for authentication.\",\n \"example\": \"a1b2c3d4-5678-90ab-cdef-1234567890ab\",\n \"type\": \"string\"\n },\n \"dcr_immutable_id\": {\n \"description\": \"The immutable ID of the Data Collection Rule (DCR).\",\n \"example\": \"dcr-uuid-1234\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"sentinel-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"table\": {\n \"description\": \"The name of the Log Analytics table where logs are sent.\",\n \"example\": \"CustomLogsTable\",\n \"type\": \"string\"\n },\n \"tenant_id\": {\n \"description\": \"Azure AD tenant ID.\",\n \"example\": \"abcdef12-3456-7890-abcd-ef1234567890\",\n \"type\": \"string\"\n },\n \"type\": {\n \"default\": \"microsoft_sentinel\",\n \"description\": \"The destination type. The value should always be `microsoft_sentinel`.\",\n \"enum\": [\n \"microsoft_sentinel\"\n ],\n \"example\": \"microsoft_sentinel\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"MICROSOFT_SENTINEL\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"client_id\",\n \"tenant_id\",\n \"dcr_immutable_id\",\n \"table\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `google_chronicle` destination sends logs to Google Chronicle.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"GCP credentials used to authenticate with Google Cloud Storage.\",\n \"properties\": {\n \"credentials_file\": {\n \"description\": \"Path to the GCP service account key file.\",\n \"example\": \"/var/secrets/gcp-credentials.json\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"credentials_file\"\n ],\n \"type\": \"object\"\n },\n \"customer_id\": {\n \"description\": \"The Google Chronicle customer ID.\",\n \"example\": \"abcdefg123456789\",\n \"type\": \"string\"\n },\n \"encoding\": {\n \"description\": \"The encoding format for the logs sent to Chronicle.\",\n \"enum\": [\n \"json\",\n \"raw_message\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"JSON\",\n \"RAW_MESSAGE\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"google-chronicle-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"parse-json-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"log_type\": {\n \"description\": \"The log type metadata associated with the Chronicle destination.\",\n \"example\": \"nginx_logs\",\n \"type\": \"string\"\n },\n \"type\": {\n \"default\": \"google_chronicle\",\n \"description\": \"The destination type. The value should always be `google_chronicle`.\",\n \"enum\": [\n \"google_chronicle\"\n ],\n \"example\": \"google_chronicle\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"GOOGLE_CHRONICLE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"auth\",\n \"customer_id\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `new_relic` destination sends logs to the New Relic platform.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"new-relic-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"parse-json-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"region\": {\n \"description\": \"The New Relic region.\",\n \"enum\": [\n \"us\",\n \"eu\"\n ],\n \"example\": \"us\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"US\",\n \"EU\"\n ]\n },\n \"type\": {\n \"default\": \"new_relic\",\n \"description\": \"The destination type. The value should always be `new_relic`.\",\n \"enum\": [\n \"new_relic\"\n ],\n \"example\": \"new_relic\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"NEW_RELIC\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"region\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `sentinel_one` destination sends logs to SentinelOne.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"sentinelone-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"region\": {\n \"description\": \"The SentinelOne region to send logs to.\",\n \"enum\": [\n \"us\",\n \"eu\",\n \"ca\",\n \"data_set_us\"\n ],\n \"example\": \"us\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"US\",\n \"EU\",\n \"CA\",\n \"DATA_SET_US\"\n ]\n },\n \"type\": {\n \"default\": \"sentinel_one\",\n \"description\": \"The destination type. The value should always be `sentinel_one`.\",\n \"enum\": [\n \"sentinel_one\"\n ],\n \"example\": \"sentinel_one\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SENTINEL_ONE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"region\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `opensearch` destination writes logs to an OpenSearch cluster.\",\n \"properties\": {\n \"bulk_index\": {\n \"description\": \"The index to write logs to.\",\n \"example\": \"logs-index\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"opensearch-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"opensearch\",\n \"description\": \"The destination type. The value should always be `opensearch`.\",\n \"enum\": [\n \"opensearch\"\n ],\n \"example\": \"opensearch\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"OPENSEARCH\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `amazon_opensearch` destination writes logs to Amazon OpenSearch.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"Authentication settings for the Amazon OpenSearch destination.\\nThe `strategy` field determines whether basic or AWS-based authentication is used.\",\n \"properties\": {\n \"assume_role\": {\n \"description\": \"The ARN of the role to assume (used with `aws` strategy).\",\n \"type\": \"string\"\n },\n \"aws_region\": {\n \"description\": \"AWS region\",\n \"type\": \"string\"\n },\n \"external_id\": {\n \"description\": \"External ID for the assumed role (used with `aws` strategy).\",\n \"type\": \"string\"\n },\n \"session_name\": {\n \"description\": \"Session name for the assumed role (used with `aws` strategy).\",\n \"type\": \"string\"\n },\n \"strategy\": {\n \"description\": \"The authentication strategy to use.\",\n \"enum\": [\n \"basic\",\n \"aws\"\n ],\n \"example\": \"aws\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"BASIC\",\n \"AWS\"\n ]\n }\n },\n \"required\": [\n \"strategy\"\n ],\n \"type\": \"object\"\n },\n \"bulk_index\": {\n \"description\": \"The index to write logs to.\",\n \"example\": \"logs-index\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"elasticsearch-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"amazon_opensearch\",\n \"description\": \"The destination type. The value should always be `amazon_opensearch`.\",\n \"enum\": [\n \"amazon_opensearch\"\n ],\n \"example\": \"amazon_opensearch\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AMAZON_OPENSEARCH\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"auth\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `socket` destination sends logs over TCP or UDP to a remote server.\",\n \"properties\": {\n \"encoding\": {\n \"description\": \"Encoding format for log events.\",\n \"enum\": [\n \"json\",\n \"raw_message\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"JSON\",\n \"RAW_MESSAGE\"\n ]\n },\n \"framing\": {\n \"description\": \"Framing method configuration.\",\n \"oneOf\": [\n {\n \"description\": \"Each log event is delimited by a newline character.\",\n \"properties\": {\n \"method\": {\n \"description\": \"The definition of `ObservabilityPipelineSocketDestinationFramingNewlineDelimitedMethod` object.\",\n \"enum\": [\n \"newline_delimited\"\n ],\n \"example\": \"newline_delimited\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"NEWLINE_DELIMITED\"\n ]\n }\n },\n \"required\": [\n \"method\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Event data is not delimited at all.\",\n \"properties\": {\n \"method\": {\n \"description\": \"The definition of `ObservabilityPipelineSocketDestinationFramingBytesMethod` object.\",\n \"enum\": [\n \"bytes\"\n ],\n \"example\": \"bytes\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"BYTES\"\n ]\n }\n },\n \"required\": [\n \"method\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Each log event is separated using the specified delimiter character.\",\n \"properties\": {\n \"delimiter\": {\n \"description\": \"A single ASCII character used as a delimiter.\",\n \"example\": \"|\",\n \"maxLength\": 1,\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"method\": {\n \"description\": \"The definition of `ObservabilityPipelineSocketDestinationFramingCharacterDelimitedMethod` object.\",\n \"enum\": [\n \"character_delimited\"\n ],\n \"example\": \"character_delimited\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CHARACTER_DELIMITED\"\n ]\n }\n },\n \"required\": [\n \"method\",\n \"delimiter\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"socket-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"mode\": {\n \"description\": \"Protocol used to send logs.\",\n \"enum\": [\n \"tcp\",\n \"udp\"\n ],\n \"example\": \"tcp\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"TCP\",\n \"UDP\"\n ]\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"socket\",\n \"description\": \"The destination type. The value should always be `socket`.\",\n \"enum\": [\n \"socket\"\n ],\n \"example\": \"socket\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SOCKET\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"encoding\",\n \"framing\",\n \"mode\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `amazon_security_lake` destination sends your logs to Amazon Security Lake.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"AWS authentication credentials used for accessing AWS services such as S3.\\nIf omitted, the system\\u2019s default credentials are used (for example, the IAM role and environment variables).\",\n \"properties\": {\n \"assume_role\": {\n \"description\": \"The Amazon Resource Name (ARN) of the role to assume.\",\n \"type\": \"string\"\n },\n \"external_id\": {\n \"description\": \"A unique identifier for cross-account role assumption.\",\n \"type\": \"string\"\n },\n \"session_name\": {\n \"description\": \"A session identifier used for logging and tracing the assumed role session.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"bucket\": {\n \"description\": \"Name of the Amazon S3 bucket in Security Lake (3-63 characters).\",\n \"example\": \"security-lake-bucket\",\n \"type\": \"string\"\n },\n \"custom_source_name\": {\n \"description\": \"Custom source name for the logs in Security Lake.\",\n \"example\": \"my-custom-source\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"Unique identifier for the destination component.\",\n \"example\": \"amazon-security-lake-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"region\": {\n \"description\": \"AWS region of the S3 bucket.\",\n \"example\": \"us-east-1\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"amazon_security_lake\",\n \"description\": \"The destination type. Always `amazon_security_lake`.\",\n \"enum\": [\n \"amazon_security_lake\"\n ],\n \"example\": \"amazon_security_lake\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AMAZON_SECURITY_LAKE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"bucket\",\n \"region\",\n \"custom_source_name\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `crowdstrike_next_gen_siem` destination forwards logs to CrowdStrike Next Gen SIEM.\",\n \"properties\": {\n \"compression\": {\n \"description\": \"Compression configuration for log events.\",\n \"properties\": {\n \"algorithm\": {\n \"description\": \"Compression algorithm for log events.\",\n \"enum\": [\n \"gzip\",\n \"zlib\"\n ],\n \"example\": \"gzip\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"GZIP\",\n \"ZLIB\"\n ]\n },\n \"level\": {\n \"description\": \"Compression level.\",\n \"example\": 6,\n \"format\": \"int64\",\n \"type\": \"integer\"\n }\n },\n \"required\": [\n \"algorithm\"\n ],\n \"type\": \"object\"\n },\n \"encoding\": {\n \"description\": \"Encoding format for log events.\",\n \"enum\": [\n \"json\",\n \"raw_message\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"JSON\",\n \"RAW_MESSAGE\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"crowdstrike-ngsiem-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"crowdstrike_next_gen_siem\",\n \"description\": \"The destination type. The value should always be `crowdstrike_next_gen_siem`.\",\n \"enum\": [\n \"crowdstrike_next_gen_siem\"\n ],\n \"example\": \"crowdstrike_next_gen_siem\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CROWDSTRIKE_NEXT_GEN_SIEM\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"encoding\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `google_pubsub` destination publishes logs to a Google Cloud Pub/Sub topic.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"GCP credentials used to authenticate with Google Cloud Storage.\",\n \"properties\": {\n \"credentials_file\": {\n \"description\": \"Path to the GCP service account key file.\",\n \"example\": \"/var/secrets/gcp-credentials.json\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"credentials_file\"\n ],\n \"type\": \"object\"\n },\n \"encoding\": {\n \"description\": \"Encoding format for log events.\",\n \"enum\": [\n \"json\",\n \"raw_message\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"JSON\",\n \"RAW_MESSAGE\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component.\",\n \"example\": \"google-pubsub-destination\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"project\": {\n \"description\": \"The GCP project ID that owns the Pub/Sub topic.\",\n \"example\": \"my-gcp-project\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"topic\": {\n \"description\": \"The Pub/Sub topic name to publish logs to.\",\n \"example\": \"logs-subscription\",\n \"type\": \"string\"\n },\n \"type\": {\n \"default\": \"google_pubsub\",\n \"description\": \"The destination type. The value should always be `google_pubsub`.\",\n \"enum\": [\n \"google_pubsub\"\n ],\n \"example\": \"google_pubsub\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"GOOGLE_PUBSUB\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"encoding\",\n \"project\",\n \"topic\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"type\": \"array\"\n },\n \"processors\": {\n \"description\": \"A list of processors that transform or enrich log data.\",\n \"example\": [\n {\n \"id\": \"filter-processor\",\n \"include\": \"service:my-service\",\n \"inputs\": [\n \"datadog-agent-source\"\n ],\n \"type\": \"filter\"\n }\n ],\n \"items\": {\n \"description\": \"A processor for the pipeline.\",\n \"oneOf\": [\n {\n \"description\": \"The `filter` processor allows conditional processing of logs based on a Datadog search query. Logs that match the `include` query are passed through; others are discarded.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"filter-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs should pass through the filter. Logs that match this query continue to downstream components; others are dropped.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"filter\",\n \"description\": \"The processor type. The value should always be `filter`.\",\n \"enum\": [\n \"filter\"\n ],\n \"example\": \"filter\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"FILTER\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `parse_json` processor extracts JSON from a specified field and flattens it into the event. This is useful when logs contain embedded JSON as a string.\",\n \"properties\": {\n \"field\": {\n \"description\": \"The name of the log field that contains a JSON string.\",\n \"example\": \"message\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"A unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"parse-json-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"parse_json\",\n \"description\": \"The processor type. The value should always be `parse_json`.\",\n \"enum\": [\n \"parse_json\"\n ],\n \"example\": \"parse_json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"PARSE_JSON\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"field\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The Quota Processor measures logging traffic for logs that match a specified filter. When the configured daily quota is met, the processor can drop or alert.\",\n \"properties\": {\n \"drop_events\": {\n \"description\": \"If set to `true`, logs that matched the quota filter and sent after the quota has been met are dropped; only logs that did not match the filter query continue through the pipeline.\",\n \"example\": false,\n \"type\": \"boolean\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"quota-processor\",\n \"type\": \"string\"\n },\n \"ignore_when_missing_partitions\": {\n \"description\": \"If `true`, the processor skips quota checks when partition fields are missing from the logs.\",\n \"type\": \"boolean\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"limit\": {\n \"description\": \"The maximum amount of data or number of events allowed before the quota is enforced. Can be specified in bytes or events.\",\n \"properties\": {\n \"enforce\": {\n \"description\": \"Unit for quota enforcement in bytes for data size or events for count.\",\n \"enum\": [\n \"bytes\",\n \"events\"\n ],\n \"example\": \"bytes\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"BYTES\",\n \"EVENTS\"\n ]\n },\n \"limit\": {\n \"description\": \"The limit for quota enforcement.\",\n \"example\": 1000,\n \"format\": \"int64\",\n \"type\": \"integer\"\n }\n },\n \"required\": [\n \"enforce\",\n \"limit\"\n ],\n \"type\": \"object\"\n },\n \"name\": {\n \"description\": \"Name of the quota.\",\n \"example\": \"MyQuota\",\n \"type\": \"string\"\n },\n \"overflow_action\": {\n \"description\": \"The action to take when the quota is exceeded. Options:\\n- `drop`: Drop the event.\\n- `no_action`: Let the event pass through.\\n- `overflow_routing`: Route to an overflow destination.\",\n \"enum\": [\n \"drop\",\n \"no_action\",\n \"overflow_routing\"\n ],\n \"example\": \"drop\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DROP\",\n \"NO_ACTION\",\n \"OVERFLOW_ROUTING\"\n ]\n },\n \"overrides\": {\n \"description\": \"A list of alternate quota rules that apply to specific sets of events, identified by matching field values. Each override can define a custom limit.\",\n \"items\": {\n \"description\": \"Defines a custom quota limit that applies to specific log events based on matching field values.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"A list of field matchers used to apply a specific override. If an event matches all listed key-value pairs, the corresponding override limit is enforced.\",\n \"items\": {\n \"description\": \"Represents a static key-value pair used in various processors.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The field name.\",\n \"example\": \"field_name\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"The field value.\",\n \"example\": \"field_value\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"value\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"limit\": {\n \"description\": \"The maximum amount of data or number of events allowed before the quota is enforced. Can be specified in bytes or events.\",\n \"properties\": {\n \"enforce\": {\n \"description\": \"Unit for quota enforcement in bytes for data size or events for count.\",\n \"enum\": [\n \"bytes\",\n \"events\"\n ],\n \"example\": \"bytes\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"BYTES\",\n \"EVENTS\"\n ]\n },\n \"limit\": {\n \"description\": \"The limit for quota enforcement.\",\n \"example\": 1000,\n \"format\": \"int64\",\n \"type\": \"integer\"\n }\n },\n \"required\": [\n \"enforce\",\n \"limit\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"fields\",\n \"limit\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"partition_fields\": {\n \"description\": \"A list of fields used to segment log traffic for quota enforcement. Quotas are tracked independently by unique combinations of these field values.\",\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"quota\",\n \"description\": \"The processor type. The value should always be `quota`.\",\n \"enum\": [\n \"quota\"\n ],\n \"example\": \"quota\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"QUOTA\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"name\",\n \"drop_events\",\n \"limit\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `add_fields` processor adds static key-value fields to logs.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"A list of static fields (key-value pairs) that is added to each log event processed by this component.\",\n \"items\": {\n \"description\": \"Represents a static key-value pair used in various processors.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The field name.\",\n \"example\": \"field_name\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"The field value.\",\n \"example\": \"field_value\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"value\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"add-fields-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"add_fields\",\n \"description\": \"The processor type. The value should always be `add_fields`.\",\n \"enum\": [\n \"add_fields\"\n ],\n \"example\": \"add_fields\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"ADD_FIELDS\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"fields\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `remove_fields` processor deletes specified fields from logs.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"A list of field names to be removed from each log event.\",\n \"example\": [\n \"field1\",\n \"field2\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"remove-fields-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"The `PipelineRemoveFieldsProcessor` `inputs`.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"remove_fields\",\n \"description\": \"The processor type. The value should always be `remove_fields`.\",\n \"enum\": [\n \"remove_fields\"\n ],\n \"example\": \"remove_fields\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"REMOVE_FIELDS\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"fields\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `rename_fields` processor changes field names.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"A list of rename rules specifying which fields to rename in the event, what to rename them to, and whether to preserve the original fields.\",\n \"items\": {\n \"description\": \"Defines how to rename a field in log events.\",\n \"properties\": {\n \"destination\": {\n \"description\": \"The field name to assign the renamed value to.\",\n \"example\": \"destination_field\",\n \"type\": \"string\"\n },\n \"preserve_source\": {\n \"description\": \"Indicates whether the original field, that is received from the source, should be kept (`true`) or removed (`false`) after renaming.\",\n \"example\": false,\n \"type\": \"boolean\"\n },\n \"source\": {\n \"description\": \"The original field name in the log event that should be renamed.\",\n \"example\": \"source_field\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"source\",\n \"destination\",\n \"preserve_source\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"description\": \"A unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"rename-fields-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"rename_fields\",\n \"description\": \"The processor type. The value should always be `rename_fields`.\",\n \"enum\": [\n \"rename_fields\"\n ],\n \"example\": \"rename_fields\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"RENAME_FIELDS\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"fields\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `generate_datadog_metrics` processor creates custom metrics from logs and sends them to Datadog.\\nMetrics can be counters, gauges, or distributions and optionally grouped by log fields.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline.\",\n \"example\": \"generate-metrics-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this processor.\",\n \"example\": [\n \"source-id\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"metrics\": {\n \"description\": \"Configuration for generating individual metrics.\",\n \"items\": {\n \"description\": \"Defines a log-based custom metric, including its name, type, filter, value computation strategy,\\nand optional grouping fields.\",\n \"properties\": {\n \"group_by\": {\n \"description\": \"Optional fields used to group the metric series.\",\n \"example\": [\n \"service\",\n \"env\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"include\": {\n \"description\": \"Datadog filter query to match logs for metric generation.\",\n \"example\": \"service:billing\",\n \"type\": \"string\"\n },\n \"metric_type\": {\n \"description\": \"Type of metric to create.\",\n \"enum\": [\n \"count\",\n \"gauge\",\n \"distribution\"\n ],\n \"example\": \"count\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"COUNT\",\n \"GAUGE\",\n \"DISTRIBUTION\"\n ]\n },\n \"name\": {\n \"description\": \"Name of the custom metric to be created.\",\n \"example\": \"logs.processed\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"Specifies how the value of the generated metric is computed.\",\n \"oneOf\": [\n {\n \"description\": \"Strategy that increments a generated metric by one for each matching event.\",\n \"properties\": {\n \"strategy\": {\n \"description\": \"Increments the metric by 1 for each matching event.\",\n \"enum\": [\n \"increment_by_one\"\n ],\n \"example\": \"increment_by_one\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"INCREMENT_BY_ONE\"\n ]\n }\n },\n \"required\": [\n \"strategy\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Strategy that increments a generated metric based on the value of a log field.\",\n \"properties\": {\n \"field\": {\n \"description\": \"Name of the log field containing the numeric value to increment the metric by.\",\n \"example\": \"errors\",\n \"type\": \"string\"\n },\n \"strategy\": {\n \"description\": \"Uses a numeric field in the log event as the metric increment.\",\n \"enum\": [\n \"increment_by_field\"\n ],\n \"example\": \"increment_by_field\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"INCREMENT_BY_FIELD\"\n ]\n }\n },\n \"required\": [\n \"strategy\",\n \"field\"\n ],\n \"type\": \"object\"\n }\n ]\n }\n },\n \"required\": [\n \"name\",\n \"include\",\n \"metric_type\",\n \"value\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"generate_datadog_metrics\",\n \"description\": \"The processor type. Always `generate_datadog_metrics`.\",\n \"enum\": [\n \"generate_datadog_metrics\"\n ],\n \"example\": \"generate_datadog_metrics\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"GENERATE_DATADOG_METRICS\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"inputs\",\n \"include\",\n \"metrics\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `sample` processor allows probabilistic sampling of logs at a fixed rate.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"sample-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"percentage\": {\n \"description\": \"The percentage of logs to sample.\",\n \"example\": 10.0,\n \"format\": \"double\",\n \"type\": \"number\"\n },\n \"rate\": {\n \"description\": \"Number of events to sample (1 in N).\",\n \"example\": 10,\n \"format\": \"int64\",\n \"minimum\": 1,\n \"type\": \"integer\"\n },\n \"type\": {\n \"default\": \"sample\",\n \"description\": \"The processor type. The value should always be `sample`.\",\n \"enum\": [\n \"sample\"\n ],\n \"example\": \"sample\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SAMPLE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `parse_grok` processor extracts structured fields from unstructured log messages using Grok patterns.\",\n \"properties\": {\n \"disable_library_rules\": {\n \"default\": false,\n \"description\": \"If set to `true`, disables the default Grok rules provided by Datadog.\",\n \"example\": true,\n \"type\": \"boolean\"\n },\n \"id\": {\n \"description\": \"A unique identifier for this processor.\",\n \"example\": \"parse-grok-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"rules\": {\n \"description\": \"The list of Grok parsing rules. If multiple matching rules are provided, they are evaluated in order. The first successful match is applied.\",\n \"items\": {\n \"description\": \"A Grok parsing rule used in the `parse_grok` processor. Each rule defines how to extract structured fields\\nfrom a specific log field using Grok patterns.\",\n \"properties\": {\n \"match_rules\": {\n \"description\": \"A list of Grok parsing rules that define how to extract fields from the source field.\\nEach rule must contain a name and a valid Grok pattern.\",\n \"example\": [\n {\n \"name\": \"MyParsingRule\",\n \"rule\": \"%{word:user} connected on %{date(\\\"MM/dd/yyyy\\\"):date}\"\n }\n ],\n \"items\": {\n \"description\": \"Defines a Grok parsing rule, which extracts structured fields from log content using named Grok patterns.\\nEach rule must have a unique name and a valid Datadog Grok pattern that will be applied to the source field.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The name of the rule.\",\n \"example\": \"MyParsingRule\",\n \"type\": \"string\"\n },\n \"rule\": {\n \"description\": \"The definition of the Grok rule.\",\n \"example\": \"%{word:user} connected on %{date(\\\"MM/dd/yyyy\\\"):date}\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"rule\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"source\": {\n \"description\": \"The name of the field in the log event to apply the Grok rules to.\",\n \"example\": \"message\",\n \"type\": \"string\"\n },\n \"support_rules\": {\n \"description\": \"A list of Grok helper rules that can be referenced by the parsing rules.\",\n \"example\": [\n {\n \"name\": \"user\",\n \"rule\": \"%{word:user.name}\"\n }\n ],\n \"items\": {\n \"description\": \"The Grok helper rule referenced in the parsing rules.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The name of the Grok helper rule.\",\n \"example\": \"user\",\n \"type\": \"string\"\n },\n \"rule\": {\n \"description\": \"The definition of the Grok helper rule.\",\n \"example\": \" %{word:user.name}\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"rule\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"source\",\n \"match_rules\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"parse_grok\",\n \"description\": \"The processor type. The value should always be `parse_grok`.\",\n \"enum\": [\n \"parse_grok\"\n ],\n \"example\": \"parse_grok\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"PARSE_GROK\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"rules\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `sensitive_data_scanner` processor detects and optionally redacts sensitive data in log events.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"sensitive-scanner\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"source:prod\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"parse-json-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"rules\": {\n \"description\": \"A list of rules for identifying and acting on sensitive data patterns.\",\n \"items\": {\n \"description\": \"Defines a rule for detecting sensitive data, including matching pattern, scope, and the action to take.\",\n \"properties\": {\n \"keyword_options\": {\n \"description\": \"Configuration for keywords used to reinforce sensitive data pattern detection.\",\n \"properties\": {\n \"keywords\": {\n \"description\": \"A list of keywords to match near the sensitive pattern.\",\n \"example\": [\n \"ssn\",\n \"card\",\n \"account\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"proximity\": {\n \"description\": \"Maximum number of tokens between a keyword and a sensitive value match.\",\n \"example\": 5,\n \"format\": \"int64\",\n \"type\": \"integer\"\n }\n },\n \"required\": [\n \"keywords\",\n \"proximity\"\n ],\n \"type\": \"object\"\n },\n \"name\": {\n \"description\": \"A name identifying the rule.\",\n \"example\": \"Redact Credit Card Numbers\",\n \"type\": \"string\"\n },\n \"on_match\": {\n \"description\": \"Defines what action to take when sensitive data is matched.\",\n \"oneOf\": [\n {\n \"description\": \"Configuration for completely redacting matched sensitive data.\",\n \"properties\": {\n \"action\": {\n \"description\": \"Action type that completely replaces the matched sensitive data with a fixed replacement string to remove all visibility.\",\n \"enum\": [\n \"redact\"\n ],\n \"example\": \"redact\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"REDACT\"\n ]\n },\n \"options\": {\n \"description\": \"Configuration for fully redacting sensitive data.\",\n \"properties\": {\n \"replace\": {\n \"description\": \"The `ObservabilityPipelineSensitiveDataScannerProcessorActionRedactOptions` `replace`.\",\n \"example\": \"***\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"replace\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"action\",\n \"options\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Configuration for hashing matched sensitive values.\",\n \"properties\": {\n \"action\": {\n \"description\": \"Action type that replaces the matched sensitive data with a hashed representation, preserving structure while securing content.\",\n \"enum\": [\n \"hash\"\n ],\n \"example\": \"hash\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"HASH\"\n ]\n },\n \"options\": {\n \"description\": \"The `ObservabilityPipelineSensitiveDataScannerProcessorActionHash` `options`.\",\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"action\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Configuration for partially redacting matched sensitive data.\",\n \"properties\": {\n \"action\": {\n \"description\": \"Action type that redacts part of the sensitive data while preserving a configurable number of characters, typically used for masking purposes (e.g., show last 4 digits of a credit card).\",\n \"enum\": [\n \"partial_redact\"\n ],\n \"example\": \"partial_redact\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"PARTIAL_REDACT\"\n ]\n },\n \"options\": {\n \"description\": \"Controls how partial redaction is applied, including character count and direction.\",\n \"properties\": {\n \"characters\": {\n \"description\": \"The `ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptions` `characters`.\",\n \"example\": 4,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"direction\": {\n \"description\": \"Indicates whether to redact characters from the first or last part of the matched value.\",\n \"enum\": [\n \"first\",\n \"last\"\n ],\n \"example\": \"last\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"FIRST\",\n \"LAST\"\n ]\n }\n },\n \"required\": [\n \"characters\",\n \"direction\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"action\",\n \"options\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"pattern\": {\n \"description\": \"Pattern detection configuration for identifying sensitive data using either a custom regex or a library reference.\",\n \"oneOf\": [\n {\n \"description\": \"Defines a custom regex-based pattern for identifying sensitive data in logs.\",\n \"properties\": {\n \"options\": {\n \"description\": \"Options for defining a custom regex pattern.\",\n \"properties\": {\n \"rule\": {\n \"description\": \"A regular expression used to detect sensitive values. Must be a valid regex.\",\n \"example\": \"\\\\b\\\\d{16}\\\\b\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"rule\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"description\": \"Indicates a custom regular expression is used for matching.\",\n \"enum\": [\n \"custom\"\n ],\n \"example\": \"custom\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CUSTOM\"\n ]\n }\n },\n \"required\": [\n \"type\",\n \"options\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Specifies a pattern from Datadog\\u2019s sensitive data detection library to match known sensitive data types.\",\n \"properties\": {\n \"options\": {\n \"description\": \"Options for selecting a predefined library pattern and enabling keyword support.\",\n \"properties\": {\n \"id\": {\n \"description\": \"Identifier for a predefined pattern from the sensitive data scanner pattern library.\",\n \"example\": \"credit_card\",\n \"type\": \"string\"\n },\n \"use_recommended_keywords\": {\n \"description\": \"Whether to augment the pattern with recommended keywords (optional).\",\n \"type\": \"boolean\"\n }\n },\n \"required\": [\n \"id\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"description\": \"Indicates that a predefined library pattern is used.\",\n \"enum\": [\n \"library\"\n ],\n \"example\": \"library\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"LIBRARY\"\n ]\n }\n },\n \"required\": [\n \"type\",\n \"options\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"scope\": {\n \"description\": \"Determines which parts of the log the pattern-matching rule should be applied to.\",\n \"oneOf\": [\n {\n \"description\": \"Includes only specific fields for sensitive data scanning.\",\n \"properties\": {\n \"options\": {\n \"description\": \"Fields to which the scope rule applies.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"The `ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions` `fields`.\",\n \"example\": [\n \"\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"fields\"\n ],\n \"type\": \"object\"\n },\n \"target\": {\n \"description\": \"Applies the rule only to included fields.\",\n \"enum\": [\n \"include\"\n ],\n \"example\": \"include\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"INCLUDE\"\n ]\n }\n },\n \"required\": [\n \"target\",\n \"options\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Excludes specific fields from sensitive data scanning.\",\n \"properties\": {\n \"options\": {\n \"description\": \"Fields to which the scope rule applies.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"The `ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions` `fields`.\",\n \"example\": [\n \"\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"fields\"\n ],\n \"type\": \"object\"\n },\n \"target\": {\n \"description\": \"Excludes specific fields from processing.\",\n \"enum\": [\n \"exclude\"\n ],\n \"example\": \"exclude\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"EXCLUDE\"\n ]\n }\n },\n \"required\": [\n \"target\",\n \"options\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Applies scanning across all available fields.\",\n \"properties\": {\n \"target\": {\n \"description\": \"Applies the rule to all fields.\",\n \"enum\": [\n \"all\"\n ],\n \"example\": \"all\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"ALL\"\n ]\n }\n },\n \"required\": [\n \"target\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"tags\": {\n \"description\": \"Tags assigned to this rule for filtering and classification.\",\n \"example\": [\n \"pii\",\n \"ccn\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"name\",\n \"tags\",\n \"pattern\",\n \"scope\",\n \"on_match\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"sensitive_data_scanner\",\n \"description\": \"The processor type. The value should always be `sensitive_data_scanner`.\",\n \"enum\": [\n \"sensitive_data_scanner\"\n ],\n \"example\": \"sensitive_data_scanner\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SENSITIVE_DATA_SCANNER\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"rules\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `ocsf_mapper` processor transforms logs into the OCSF schema using a predefined mapping configuration.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline.\",\n \"example\": \"ocsf-mapper-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this processor.\",\n \"example\": [\n \"filter-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"mappings\": {\n \"description\": \"A list of mapping rules to convert events to the OCSF format.\",\n \"items\": {\n \"description\": \"Defines how specific events are transformed to OCSF using a mapping configuration.\",\n \"properties\": {\n \"include\": {\n \"description\": \"A Datadog search query used to select the logs that this mapping should apply to.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"mapping\": {\n \"description\": \"Defines a single mapping rule for transforming logs into the OCSF schema.\",\n \"oneOf\": [\n {\n \"description\": \"Predefined library mappings for common log formats.\",\n \"enum\": [\n \"CloudTrail Account Change\",\n \"GCP Cloud Audit CreateBucket\",\n \"GCP Cloud Audit CreateSink\",\n \"GCP Cloud Audit SetIamPolicy\",\n \"GCP Cloud Audit UpdateSink\",\n \"Github Audit Log API Activity\",\n \"Google Workspace Admin Audit addPrivilege\",\n \"Microsoft 365 Defender Incident\",\n \"Microsoft 365 Defender UserLoggedIn\",\n \"Okta System Log Authentication\",\n \"Palo Alto Networks Firewall Traffic\"\n ],\n \"example\": \"CloudTrail Account Change\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CLOUDTRAIL_ACCOUNT_CHANGE\",\n \"GCP_CLOUD_AUDIT_CREATEBUCKET\",\n \"GCP_CLOUD_AUDIT_CREATESINK\",\n \"GCP_CLOUD_AUDIT_SETIAMPOLICY\",\n \"GCP_CLOUD_AUDIT_UPDATESINK\",\n \"GITHUB_AUDIT_LOG_API_ACTIVITY\",\n \"GOOGLE_WORKSPACE_ADMIN_AUDIT_ADDPRIVILEGE\",\n \"MICROSOFT_365_DEFENDER_INCIDENT\",\n \"MICROSOFT_365_DEFENDER_USERLOGGEDIN\",\n \"OKTA_SYSTEM_LOG_AUTHENTICATION\",\n \"PALO_ALTO_NETWORKS_FIREWALL_TRAFFIC\"\n ]\n }\n ]\n }\n },\n \"required\": [\n \"include\",\n \"mapping\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"ocsf_mapper\",\n \"description\": \"The processor type. The value should always be `ocsf_mapper`.\",\n \"enum\": [\n \"ocsf_mapper\"\n ],\n \"example\": \"ocsf_mapper\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"OCSF_MAPPER\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"mappings\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `add_env_vars` processor adds environment variable values to log events.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this processor in the pipeline.\",\n \"example\": \"add-env-vars-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the input for this processor.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"add_env_vars\",\n \"description\": \"The processor type. The value should always be `add_env_vars`.\",\n \"enum\": [\n \"add_env_vars\"\n ],\n \"example\": \"add_env_vars\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"ADD_ENV_VARS\"\n ]\n },\n \"variables\": {\n \"description\": \"A list of environment variable mappings to apply to log fields.\",\n \"items\": {\n \"description\": \"Defines a mapping between an environment variable and a log field.\",\n \"properties\": {\n \"field\": {\n \"description\": \"The target field in the log event.\",\n \"example\": \"log.environment.region\",\n \"type\": \"string\"\n },\n \"name\": {\n \"description\": \"The name of the environment variable to read.\",\n \"example\": \"AWS_REGION\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"field\",\n \"name\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"variables\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `dedupe` processor removes duplicate fields in log events.\",\n \"properties\": {\n \"fields\": {\n \"description\": \"A list of log field paths to check for duplicates.\",\n \"example\": [\n \"log.message\",\n \"log.error\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this processor.\",\n \"example\": \"dedupe-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the input for this processor.\",\n \"example\": [\n \"parse-json-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"mode\": {\n \"description\": \"The deduplication mode to apply to the fields.\",\n \"enum\": [\n \"match\",\n \"ignore\"\n ],\n \"example\": \"match\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"MATCH\",\n \"IGNORE\"\n ]\n },\n \"type\": {\n \"default\": \"dedupe\",\n \"description\": \"The processor type. The value should always be `dedupe`.\",\n \"enum\": [\n \"dedupe\"\n ],\n \"example\": \"dedupe\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DEDUPE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"fields\",\n \"mode\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `enrichment_table` processor enriches logs using a static CSV file or GeoIP database.\",\n \"properties\": {\n \"file\": {\n \"description\": \"Defines a static enrichment table loaded from a CSV file.\",\n \"properties\": {\n \"encoding\": {\n \"description\": \"File encoding format.\",\n \"properties\": {\n \"delimiter\": {\n \"description\": \"The `encoding` `delimiter`.\",\n \"example\": \",\",\n \"type\": \"string\"\n },\n \"includes_headers\": {\n \"description\": \"The `encoding` `includes_headers`.\",\n \"example\": true,\n \"type\": \"boolean\"\n },\n \"type\": {\n \"description\": \"Specifies the encoding format (e.g., CSV) used for enrichment tables.\",\n \"enum\": [\n \"csv\"\n ],\n \"example\": \"csv\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CSV\"\n ]\n }\n },\n \"required\": [\n \"type\",\n \"delimiter\",\n \"includes_headers\"\n ],\n \"type\": \"object\"\n },\n \"key\": {\n \"description\": \"Key fields used to look up enrichment values.\",\n \"items\": {\n \"description\": \"Defines how to map log fields to enrichment table columns during lookups.\",\n \"properties\": {\n \"column\": {\n \"description\": \"The `items` `column`.\",\n \"example\": \"user_id\",\n \"type\": \"string\"\n },\n \"comparison\": {\n \"description\": \"Defines how to compare key fields for enrichment table lookups.\",\n \"enum\": [\n \"equals\"\n ],\n \"example\": \"equals\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"EQUALS\"\n ]\n },\n \"field\": {\n \"description\": \"The `items` `field`.\",\n \"example\": \"log.user.id\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"column\",\n \"comparison\",\n \"field\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"path\": {\n \"description\": \"Path to the CSV file.\",\n \"example\": \"/etc/enrichment/lookup.csv\",\n \"type\": \"string\"\n },\n \"schema\": {\n \"description\": \"Schema defining column names and their types.\",\n \"items\": {\n \"description\": \"Describes a single column and its type in an enrichment table schema.\",\n \"properties\": {\n \"column\": {\n \"description\": \"The `items` `column`.\",\n \"example\": \"region\",\n \"type\": \"string\"\n },\n \"type\": {\n \"description\": \"Declares allowed data types for enrichment table columns.\",\n \"enum\": [\n \"string\",\n \"boolean\",\n \"integer\",\n \"float\",\n \"date\",\n \"timestamp\"\n ],\n \"example\": \"string\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"STRING\",\n \"BOOLEAN\",\n \"INTEGER\",\n \"FLOAT\",\n \"DATE\",\n \"TIMESTAMP\"\n ]\n }\n },\n \"required\": [\n \"column\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"encoding\",\n \"key\",\n \"path\",\n \"schema\"\n ],\n \"type\": \"object\"\n },\n \"geoip\": {\n \"description\": \"Uses a GeoIP database to enrich logs based on an IP field.\",\n \"properties\": {\n \"key_field\": {\n \"description\": \"Path to the IP field in the log.\",\n \"example\": \"log.source.ip\",\n \"type\": \"string\"\n },\n \"locale\": {\n \"description\": \"Locale used to resolve geographical names.\",\n \"example\": \"en\",\n \"type\": \"string\"\n },\n \"path\": {\n \"description\": \"Path to the GeoIP database file.\",\n \"example\": \"/etc/geoip/GeoLite2-City.mmdb\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"key_field\",\n \"locale\",\n \"path\"\n ],\n \"type\": \"object\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this processor.\",\n \"example\": \"enrichment-table-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"source:my-source\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the input for this processor.\",\n \"example\": [\n \"add-fields-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"target\": {\n \"description\": \"Path where enrichment results should be stored in the log.\",\n \"example\": \"enriched.geoip\",\n \"type\": \"string\"\n },\n \"type\": {\n \"default\": \"enrichment_table\",\n \"description\": \"The processor type. The value should always be `enrichment_table`.\",\n \"enum\": [\n \"enrichment_table\"\n ],\n \"example\": \"enrichment_table\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"ENRICHMENT_TABLE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"target\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `reduce` processor aggregates and merges logs based on matching keys and merge strategies.\",\n \"properties\": {\n \"group_by\": {\n \"description\": \"A list of fields used to group log events for merging.\",\n \"example\": [\n \"log.user.id\",\n \"log.device.id\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this processor.\",\n \"example\": \"reduce-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"env:prod\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the input for this processor.\",\n \"example\": [\n \"parse-json-processor\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"merge_strategies\": {\n \"description\": \"List of merge strategies defining how values from grouped events should be combined.\",\n \"items\": {\n \"description\": \"Defines how a specific field should be merged across grouped events.\",\n \"properties\": {\n \"path\": {\n \"description\": \"The field path in the log event.\",\n \"example\": \"log.user.roles\",\n \"type\": \"string\"\n },\n \"strategy\": {\n \"description\": \"The merge strategy to apply.\",\n \"enum\": [\n \"discard\",\n \"retain\",\n \"sum\",\n \"max\",\n \"min\",\n \"array\",\n \"concat\",\n \"concat_newline\",\n \"concat_raw\",\n \"shortest_array\",\n \"longest_array\",\n \"flat_unique\"\n ],\n \"example\": \"flat_unique\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DISCARD\",\n \"RETAIN\",\n \"SUM\",\n \"MAX\",\n \"MIN\",\n \"ARRAY\",\n \"CONCAT\",\n \"CONCAT_NEWLINE\",\n \"CONCAT_RAW\",\n \"SHORTEST_ARRAY\",\n \"LONGEST_ARRAY\",\n \"FLAT_UNIQUE\"\n ]\n }\n },\n \"required\": [\n \"path\",\n \"strategy\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"reduce\",\n \"description\": \"The processor type. The value should always be `reduce`.\",\n \"enum\": [\n \"reduce\"\n ],\n \"example\": \"reduce\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"REDUCE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"group_by\",\n \"merge_strategies\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `throttle` processor limits the number of events that pass through over a given time window.\",\n \"properties\": {\n \"group_by\": {\n \"description\": \"Optional list of fields used to group events before the threshold has been reached.\",\n \"example\": [\n \"log.user.id\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this processor.\",\n \"example\": \"throttle-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"env:prod\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the input for this processor.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"threshold\": {\n \"description\": \"the number of events allowed in a given time window. Events sent after the threshold has been reached, are dropped.\",\n \"example\": 1000,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"type\": {\n \"default\": \"throttle\",\n \"description\": \"The processor type. The value should always be `throttle`.\",\n \"enum\": [\n \"throttle\"\n ],\n \"example\": \"throttle\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"THROTTLE\"\n ]\n },\n \"window\": {\n \"description\": \"The time window in seconds over which the threshold applies.\",\n \"example\": 60.0,\n \"format\": \"double\",\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"inputs\",\n \"threshold\",\n \"window\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `custom_processor` processor transforms events using [Vector Remap Language (VRL)](https://vector.dev/docs/reference/vrl/) scripts with advanced filtering capabilities.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this processor.\",\n \"example\": \"remap-vrl-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"default\": \"*\",\n \"description\": \"A Datadog search query used to determine which logs this processor targets. This field should always be set to `*` for the custom_processor processor.\",\n \"example\": \"*\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the input for this processor.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"remaps\": {\n \"description\": \"Array of VRL remap rules.\",\n \"items\": {\n \"description\": \"Defines a single VRL remap rule with its own filtering and transformation logic.\",\n \"properties\": {\n \"drop_on_error\": {\n \"description\": \"Whether to drop events that caused errors during processing.\",\n \"example\": false,\n \"type\": \"boolean\"\n },\n \"enabled\": {\n \"description\": \"Whether this remap rule is enabled.\",\n \"example\": true,\n \"type\": \"boolean\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to filter events for this specific remap rule.\",\n \"example\": \"service:web\",\n \"type\": \"string\"\n },\n \"name\": {\n \"description\": \"A descriptive name for this remap rule.\",\n \"example\": \"Parse JSON from message field\",\n \"type\": \"string\"\n },\n \"source\": {\n \"description\": \"The VRL script source code that defines the processing logic.\",\n \"example\": \". = parse_json!(.message)\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"include\",\n \"name\",\n \"source\",\n \"enabled\",\n \"drop_on_error\"\n ],\n \"type\": \"object\"\n },\n \"minItems\": 1,\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"custom_processor\",\n \"description\": \"The processor type. The value should always be `custom_processor`.\",\n \"enum\": [\n \"custom_processor\"\n ],\n \"example\": \"custom_processor\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CUSTOM_PROCESSOR\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"remaps\",\n \"inputs\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `datadog_tags` processor includes or excludes specific Datadog tags in your logs.\",\n \"properties\": {\n \"action\": {\n \"description\": \"The action to take on tags with matching keys.\",\n \"enum\": [\n \"include\",\n \"exclude\"\n ],\n \"example\": \"include\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"INCLUDE\",\n \"EXCLUDE\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"datadog-tags-processor\",\n \"type\": \"string\"\n },\n \"include\": {\n \"description\": \"A Datadog search query used to determine which logs this processor targets.\",\n \"example\": \"service:my-service\",\n \"type\": \"string\"\n },\n \"inputs\": {\n \"description\": \"A list of component IDs whose output is used as the `input` for this component.\",\n \"example\": [\n \"datadog-agent-source\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"keys\": {\n \"description\": \"A list of tag keys.\",\n \"example\": [\n \"env\",\n \"service\",\n \"version\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"mode\": {\n \"description\": \"The processing mode.\",\n \"enum\": [\n \"filter\"\n ],\n \"example\": \"filter\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"FILTER\"\n ]\n },\n \"type\": {\n \"default\": \"datadog_tags\",\n \"description\": \"The processor type. The value should always be `datadog_tags`.\",\n \"enum\": [\n \"datadog_tags\"\n ],\n \"example\": \"datadog_tags\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DATADOG_TAGS\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"include\",\n \"mode\",\n \"action\",\n \"keys\",\n \"inputs\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"type\": \"array\"\n },\n \"sources\": {\n \"description\": \"A list of configured data sources for the pipeline.\",\n \"example\": [\n {\n \"id\": \"datadog-agent-source\",\n \"type\": \"datadog_agent\"\n }\n ],\n \"items\": {\n \"description\": \"A data source for the pipeline.\",\n \"oneOf\": [\n {\n \"description\": \"The `kafka` source ingests data from Apache Kafka topics.\",\n \"properties\": {\n \"group_id\": {\n \"description\": \"Consumer group ID used by the Kafka client.\",\n \"example\": \"consumer-group-0\",\n \"type\": \"string\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"kafka-source\",\n \"type\": \"string\"\n },\n \"librdkafka_options\": {\n \"description\": \"Optional list of advanced Kafka client configuration options, defined as key-value pairs.\",\n \"items\": {\n \"description\": \"Represents a key-value pair used to configure low-level `librdkafka` client options for Kafka sources, such as timeouts, buffer sizes, and security settings.\",\n \"properties\": {\n \"name\": {\n \"description\": \"The name of the `librdkafka` configuration option to set.\",\n \"example\": \"fetch.message.max.bytes\",\n \"type\": \"string\"\n },\n \"value\": {\n \"description\": \"The value assigned to the specified `librdkafka` configuration option.\",\n \"example\": \"1048576\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"value\"\n ],\n \"type\": \"object\"\n },\n \"type\": \"array\"\n },\n \"sasl\": {\n \"description\": \"Specifies the SASL mechanism for authenticating with a Kafka cluster.\",\n \"properties\": {\n \"mechanism\": {\n \"description\": \"SASL mechanism used for Kafka authentication.\",\n \"enum\": [\n \"PLAIN\",\n \"SCRAM-SHA-256\",\n \"SCRAM-SHA-512\"\n ],\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"PLAIN\",\n \"SCRAMNOT_SHANOT_256\",\n \"SCRAMNOT_SHANOT_512\"\n ]\n }\n },\n \"type\": \"object\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"topics\": {\n \"description\": \"A list of Kafka topic names to subscribe to. The source ingests messages from each topic specified.\",\n \"example\": [\n \"topic1\",\n \"topic2\"\n ],\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"type\": {\n \"default\": \"kafka\",\n \"description\": \"The source type. The value should always be `kafka`.\",\n \"enum\": [\n \"kafka\"\n ],\n \"example\": \"kafka\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"KAFKA\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"group_id\",\n \"topics\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `datadog_agent` source collects logs from the Datadog Agent.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"datadog-agent-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"datadog_agent\",\n \"description\": \"The source type. The value should always be `datadog_agent`.\",\n \"enum\": [\n \"datadog_agent\"\n ],\n \"example\": \"datadog_agent\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DATADOG_AGENT\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `splunk_tcp` source receives logs from a Splunk Universal Forwarder over TCP.\\nTLS is supported for secure transmission.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"splunk-tcp-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"splunk_tcp\",\n \"description\": \"The source type. Always `splunk_tcp`.\",\n \"enum\": [\n \"splunk_tcp\"\n ],\n \"example\": \"splunk_tcp\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SPLUNK_TCP\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `splunk_hec` source implements the Splunk HTTP Event Collector (HEC) API.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"splunk-hec-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"splunk_hec\",\n \"description\": \"The source type. Always `splunk_hec`.\",\n \"enum\": [\n \"splunk_hec\"\n ],\n \"example\": \"splunk_hec\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SPLUNK_HEC\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `amazon_s3` source ingests logs from an Amazon S3 bucket.\\nIt supports AWS authentication and TLS encryption.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"AWS authentication credentials used for accessing AWS services such as S3.\\nIf omitted, the system\\u2019s default credentials are used (for example, the IAM role and environment variables).\",\n \"properties\": {\n \"assume_role\": {\n \"description\": \"The Amazon Resource Name (ARN) of the role to assume.\",\n \"type\": \"string\"\n },\n \"external_id\": {\n \"description\": \"A unique identifier for cross-account role assumption.\",\n \"type\": \"string\"\n },\n \"session_name\": {\n \"description\": \"A session identifier used for logging and tracing the assumed role session.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"aws-s3-source\",\n \"type\": \"string\"\n },\n \"region\": {\n \"description\": \"AWS region where the S3 bucket resides.\",\n \"example\": \"us-east-1\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"amazon_s3\",\n \"description\": \"The source type. Always `amazon_s3`.\",\n \"enum\": [\n \"amazon_s3\"\n ],\n \"example\": \"amazon_s3\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AMAZON_S3\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"region\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `fluentd` source ingests logs from a Fluentd-compatible service.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"fluent-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"fluentd\",\n \"description\": \"The source type. The value should always be `fluentd.\",\n \"enum\": [\n \"fluentd\"\n ],\n \"example\": \"fluentd\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"FLUENTD\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `fluent_bit` source ingests logs from Fluent Bit.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components).\",\n \"example\": \"fluent-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"fluent_bit\",\n \"description\": \"The source type. The value should always be `fluent_bit`.\",\n \"enum\": [\n \"fluent_bit\"\n ],\n \"example\": \"fluent_bit\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"FLUENT_BIT\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `http_server` source collects logs over HTTP POST from external services.\",\n \"properties\": {\n \"auth_strategy\": {\n \"description\": \"HTTP authentication method.\",\n \"enum\": [\n \"none\",\n \"plain\"\n ],\n \"example\": \"plain\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"NONE\",\n \"PLAIN\"\n ]\n },\n \"decoding\": {\n \"description\": \"The decoding format used to interpret incoming logs.\",\n \"enum\": [\n \"bytes\",\n \"gelf\",\n \"json\",\n \"syslog\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DECODE_BYTES\",\n \"DECODE_GELF\",\n \"DECODE_JSON\",\n \"DECODE_SYSLOG\"\n ]\n },\n \"id\": {\n \"description\": \"Unique ID for the HTTP server source.\",\n \"example\": \"http-server-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"http_server\",\n \"description\": \"The source type. The value should always be `http_server`.\",\n \"enum\": [\n \"http_server\"\n ],\n \"example\": \"http_server\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"HTTP_SERVER\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"auth_strategy\",\n \"decoding\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `sumo_logic` source receives logs from Sumo Logic collectors.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"sumo-logic-source\",\n \"type\": \"string\"\n },\n \"type\": {\n \"default\": \"sumo_logic\",\n \"description\": \"The source type. The value should always be `sumo_logic`.\",\n \"enum\": [\n \"sumo_logic\"\n ],\n \"example\": \"sumo_logic\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SUMO_LOGIC\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `rsyslog` source listens for logs over TCP or UDP from an `rsyslog` server using the syslog protocol.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"rsyslog-source\",\n \"type\": \"string\"\n },\n \"mode\": {\n \"description\": \"Protocol used by the syslog source to receive messages.\",\n \"enum\": [\n \"tcp\",\n \"udp\"\n ],\n \"example\": \"tcp\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"TCP\",\n \"UDP\"\n ]\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"rsyslog\",\n \"description\": \"The source type. The value should always be `rsyslog`.\",\n \"enum\": [\n \"rsyslog\"\n ],\n \"example\": \"rsyslog\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"RSYSLOG\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"mode\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `syslog_ng` source listens for logs over TCP or UDP from a `syslog-ng` server using the syslog protocol.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"syslog-ng-source\",\n \"type\": \"string\"\n },\n \"mode\": {\n \"description\": \"Protocol used by the syslog source to receive messages.\",\n \"enum\": [\n \"tcp\",\n \"udp\"\n ],\n \"example\": \"tcp\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"TCP\",\n \"UDP\"\n ]\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"syslog_ng\",\n \"description\": \"The source type. The value should always be `syslog_ng`.\",\n \"enum\": [\n \"syslog_ng\"\n ],\n \"example\": \"syslog_ng\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SYSLOG_NG\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"mode\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `amazon_data_firehose` source ingests logs from AWS Data Firehose.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"AWS authentication credentials used for accessing AWS services such as S3.\\nIf omitted, the system\\u2019s default credentials are used (for example, the IAM role and environment variables).\",\n \"properties\": {\n \"assume_role\": {\n \"description\": \"The Amazon Resource Name (ARN) of the role to assume.\",\n \"type\": \"string\"\n },\n \"external_id\": {\n \"description\": \"A unique identifier for cross-account role assumption.\",\n \"type\": \"string\"\n },\n \"session_name\": {\n \"description\": \"A session identifier used for logging and tracing the assumed role session.\",\n \"type\": \"string\"\n }\n },\n \"type\": \"object\"\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"amazon-firehose-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"amazon_data_firehose\",\n \"description\": \"The source type. The value should always be `amazon_data_firehose`.\",\n \"enum\": [\n \"amazon_data_firehose\"\n ],\n \"example\": \"amazon_data_firehose\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"AMAZON_DATA_FIREHOSE\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `google_pubsub` source ingests logs from a Google Cloud Pub/Sub subscription.\",\n \"properties\": {\n \"auth\": {\n \"description\": \"GCP credentials used to authenticate with Google Cloud Storage.\",\n \"properties\": {\n \"credentials_file\": {\n \"description\": \"Path to the GCP service account key file.\",\n \"example\": \"/var/secrets/gcp-credentials.json\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"credentials_file\"\n ],\n \"type\": \"object\"\n },\n \"decoding\": {\n \"description\": \"The decoding format used to interpret incoming logs.\",\n \"enum\": [\n \"bytes\",\n \"gelf\",\n \"json\",\n \"syslog\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DECODE_BYTES\",\n \"DECODE_GELF\",\n \"DECODE_JSON\",\n \"DECODE_SYSLOG\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"google-pubsub-source\",\n \"type\": \"string\"\n },\n \"project\": {\n \"description\": \"The GCP project ID that owns the Pub/Sub subscription.\",\n \"example\": \"my-gcp-project\",\n \"type\": \"string\"\n },\n \"subscription\": {\n \"description\": \"The Pub/Sub subscription name from which messages are consumed.\",\n \"example\": \"logs-subscription\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"google_pubsub\",\n \"description\": \"The source type. The value should always be `google_pubsub`.\",\n \"enum\": [\n \"google_pubsub\"\n ],\n \"example\": \"google_pubsub\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"GOOGLE_PUBSUB\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"auth\",\n \"decoding\",\n \"project\",\n \"subscription\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `http_client` source scrapes logs from HTTP endpoints at regular intervals.\",\n \"properties\": {\n \"auth_strategy\": {\n \"description\": \"Optional authentication strategy for HTTP requests.\",\n \"enum\": [\n \"basic\",\n \"bearer\"\n ],\n \"example\": \"basic\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"BASIC\",\n \"BEARER\"\n ]\n },\n \"decoding\": {\n \"description\": \"The decoding format used to interpret incoming logs.\",\n \"enum\": [\n \"bytes\",\n \"gelf\",\n \"json\",\n \"syslog\"\n ],\n \"example\": \"json\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"DECODE_BYTES\",\n \"DECODE_GELF\",\n \"DECODE_JSON\",\n \"DECODE_SYSLOG\"\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"http-client-source\",\n \"type\": \"string\"\n },\n \"scrape_interval_secs\": {\n \"description\": \"The interval (in seconds) between HTTP scrape requests.\",\n \"example\": 60,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"scrape_timeout_secs\": {\n \"description\": \"The timeout (in seconds) for each scrape request.\",\n \"example\": 10,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"http_client\",\n \"description\": \"The source type. The value should always be `http_client`.\",\n \"enum\": [\n \"http_client\"\n ],\n \"example\": \"http_client\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"HTTP_CLIENT\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"decoding\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `logstash` source ingests logs from a Logstash forwarder.\",\n \"properties\": {\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"logstash-source\",\n \"type\": \"string\"\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"logstash\",\n \"description\": \"The source type. The value should always be `logstash`.\",\n \"enum\": [\n \"logstash\"\n ],\n \"example\": \"logstash\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"LOGSTASH\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"The `socket` source ingests logs over TCP or UDP.\",\n \"properties\": {\n \"framing\": {\n \"description\": \"Framing method configuration for the socket source.\",\n \"oneOf\": [\n {\n \"description\": \"Byte frames which are delimited by a newline character.\",\n \"properties\": {\n \"method\": {\n \"description\": \"Byte frames which are delimited by a newline character.\",\n \"enum\": [\n \"newline_delimited\"\n ],\n \"example\": \"newline_delimited\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"NEWLINE_DELIMITED\"\n ]\n }\n },\n \"required\": [\n \"method\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Byte frames are passed through as-is according to the underlying I/O boundaries (for example, split between messages or stream segments).\",\n \"properties\": {\n \"method\": {\n \"description\": \"Byte frames are passed through as-is according to the underlying I/O boundaries (for example, split between messages or stream segments).\",\n \"enum\": [\n \"bytes\"\n ],\n \"example\": \"bytes\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"BYTES\"\n ]\n }\n },\n \"required\": [\n \"method\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Byte frames which are delimited by a chosen character.\",\n \"properties\": {\n \"delimiter\": {\n \"description\": \"A single ASCII character used to delimit events.\",\n \"example\": \"|\",\n \"maxLength\": 1,\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"method\": {\n \"description\": \"Byte frames which are delimited by a chosen character.\",\n \"enum\": [\n \"character_delimited\"\n ],\n \"example\": \"character_delimited\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CHARACTER_DELIMITED\"\n ]\n }\n },\n \"required\": [\n \"method\",\n \"delimiter\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Byte frames according to the octet counting format as per RFC6587.\",\n \"properties\": {\n \"method\": {\n \"description\": \"Byte frames according to the octet counting format as per RFC6587.\",\n \"enum\": [\n \"octet_counting\"\n ],\n \"example\": \"octet_counting\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"OCTET_COUNTING\"\n ]\n }\n },\n \"required\": [\n \"method\"\n ],\n \"type\": \"object\"\n },\n {\n \"description\": \"Byte frames which are chunked GELF messages.\",\n \"properties\": {\n \"method\": {\n \"description\": \"Byte frames which are chunked GELF messages.\",\n \"enum\": [\n \"chunked_gelf\"\n ],\n \"example\": \"chunked_gelf\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"CHUNKED_GELF\"\n ]\n }\n },\n \"required\": [\n \"method\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"id\": {\n \"description\": \"The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components).\",\n \"example\": \"socket-source\",\n \"type\": \"string\"\n },\n \"mode\": {\n \"description\": \"Protocol used to receive logs.\",\n \"enum\": [\n \"tcp\",\n \"udp\"\n ],\n \"example\": \"tcp\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"TCP\",\n \"UDP\"\n ]\n },\n \"tls\": {\n \"description\": \"Configuration for enabling TLS encryption between the pipeline component and external services.\",\n \"properties\": {\n \"ca_file\": {\n \"description\": \"Path to the Certificate Authority (CA) file used to validate the server\\u2019s TLS certificate.\",\n \"type\": \"string\"\n },\n \"crt_file\": {\n \"description\": \"Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services.\",\n \"example\": \"/path/to/cert.crt\",\n \"type\": \"string\"\n },\n \"key_file\": {\n \"description\": \"Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication.\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"crt_file\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"socket\",\n \"description\": \"The source type. The value should always be `socket`.\",\n \"enum\": [\n \"socket\"\n ],\n \"example\": \"socket\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SOCKET\"\n ]\n }\n },\n \"required\": [\n \"id\",\n \"type\",\n \"mode\",\n \"framing\"\n ],\n \"type\": \"object\"\n }\n ]\n },\n \"type\": \"array\"\n }\n },\n \"required\": [\n \"sources\",\n \"destinations\"\n ],\n \"type\": \"object\"\n },\n \"name\": {\n \"description\": \"Name of the pipeline.\",\n \"example\": \"Main Observability Pipeline\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"config\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"pipelines\",\n \"description\": \"The resource type identifier. For pipeline resources, this should always be set to `pipelines`.\",\n \"example\": \"pipelines\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"type\",\n \"attributes\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"data\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"required\": true\n}",
"use_request_body_schema_mode": true,
"validate_request_body_schema": true
}
}