updateEventsAnalyserPartitionOverrides

A Graze API POST request that updates the Events Analyser with the supplied partition overrides information. This endpoint overwrites any existing partition overrides.

If you use partitions in the Events Analyser configuration, the endpoint enables you to specify overrides for specific partitions. These settings override the default configuration you have specified in the arguments in the endpoint updateEventsAnalyserConfig or in the Moogsoft Enterprise UI. For example, the default Events Analyser configuration may not use priority words but for one partition, London, you might want to enable priority words and set the priority word list to 'NEW_YORK' and 'LONDON'. If a partition does not have any overrides, or a property is not set for a partition, the Events Analyser uses the values in the default configuration.

Use updateEventsAnalyserConfig to set the partition_by parameter to enable the Events Analyser to calculate entropy by partitions.


Request arguments

Endpoint updateEventsAnalyserPartitionOverrides takes the following request arguments. If an argument is empty or set to null it is set to null in the database.

| Name | Type | Required | Description |
|---|---|---|---|
| auth_token | String | Yes | A valid auth_token returned from the authenticate request. See the authenticate endpoint for more information. |
| partition_overrides | JSON Object | Yes | A JSON object containing all the partition override information that you want to create. |

The partition_overrides object has the following format. For each partition, define the arguments where you want to override the default Events Analyser configuration.

| Name | Type | Required | Description |
|---|---|---|---|
| mask | JSON Object | No | Defines which token types the Events Analyser includes or excludes from its entropy calculation for this partition. If a token type is set to false, the entropy calculation includes it. If it is set to true, the entropy calculation excludes the token type. Masking token types, such as dates or numbers, ensures that tokens are not given a higher entropy value than they should have because of unique numbers or dates. |
| stop_words | Boolean | No | Indicates whether or not the Events Analyser uses stop words for this partition. Stop words are small common words such as 'about', 'at', or 'the'. The Events Analyser automatically excludes stop words from its entropy calculation. Set to true to use stop words. Set to false if you do not want to use stop words. |
| stop_words_list | JSON Array of Strings | No | List of stop words that you want the Events Analyser to ignore in its entropy calculation for this partition. |
| stop_word_length | Number | No | Maximum length of words that are automatically excluded by the Events Analyser from its entropy calculation for this partition. For example, a value of 3 means the Events Analyser excludes any words of three or fewer characters. |
| priority_words | Boolean | No | Indicates whether or not the Events Analyser uses priority words in its entropy calculation for this partition. The Events Analyser automatically gives alerts containing any priority words an entropy value of 1. Set to true to use priority words. Set to false if you do not want to use priority words. |
| priority_words_list | JSON Array of Strings | No | List of priority words that you want the Events Analyser to automatically assign an entropy value of 1 in its entropy calculation for this partition. |
| fields | JSON Array of Strings | No | Properties in each event that contribute to the entropy calculation for this partition. Moogsoft recommends specifying a single field only. |
| casefold | JSON Object | No | Indicates whether the Events Analyser should consider tokens that differ only by case in its entropy calculation for this partition. Set to true to consider tokens in a different case as the same. Set to false to consider tokens in a different case as different. |
| stemming | Boolean | No | Indicates whether the Events Analyser considers words with the same word stem as the same word in its entropy calculation for this partition. For example, whether the Events Analyser should consider 'fail', 'failed' and 'failing' as the same word. Set to true to consider words with the same word stem as the same. Set to false to consider words with the same word stem as different. |
| stemming_language | String | No | Language used in the events. |

Response

Endpoint updateEventsAnalyserPartitionOverrides returns the following response:

Examples

The following examples demonstrate typical use of endpoint updateEventsAnalyserPartitionOverrides:

Request example

Example cURL request to update the Events Analyser with partition overrides for two partitions, 'NEW_YORK' and 'LONDON':

# -k accepts the server certificate without verification; -v prints the request and response headers.
curl -X POST -u graze:graze -k -v "https://localhost/graze/v1/updateEventsAnalyserPartitionOverrides" -H "Content-Type: application/json; charset=UTF-8" -d \
'{
    "partition_overrides": {
        "NEW_YORK": {
            "fields": ["description"],
            "casefold": true,
            "stop_words": false,
            "priority_words": false,
            "stop_word_length": 3
        },
        "LONDON": {
            "mask": {
                "date_time": false,
                "ip_address": true
            },
            "stemming": true,
            "stop_words": true,
            "priority_words": true,
            "stop_words_list": ["france","germany","italy","peru","india","japan","korea"],
            "stop_word_length": 1,
            "priority_words_list": ["reboot","shutdown"]
        }
    }
}'
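
A pre-flight check for the request above, as an added example that is not part of the original page or Moogsoft's own code: it validates a partition_overrides object against the argument table before building the POST, because the endpoint overwrites all existing overrides and stores empty or null arguments as null. Passing auth_token in the JSON body, treating casefold as a boolean (as the request example does), and the function names are assumptions.

```python
import json
import urllib.request

# Expected JSON types, from the partition_overrides table on this page.
# Assumption: casefold is a boolean, as in the page's request example.
STR_LIST = "list of strings"
SCHEMA = {
    "mask": dict, "stop_words": bool, "stop_words_list": STR_LIST,
    "stop_word_length": int, "priority_words": bool,
    "priority_words_list": STR_LIST, "fields": STR_LIST,
    "casefold": bool, "stemming": bool, "stemming_language": str,
}

def _type_ok(value, expected):
    if expected == STR_LIST:
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    if expected is int:  # bool is a subclass of int, so reject it explicitly
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, expected)

def validate_partition_overrides(overrides):
    """Return a list of problems; an empty list means the payload matches the table."""
    problems = []
    for partition, settings in overrides.items():
        for name, value in settings.items():
            if name not in SCHEMA:
                problems.append(f"{partition}.{name}: unknown argument")
            elif value in (None, "", [], {}):
                problems.append(f"{partition}.{name}: empty or null, stored as null")
            elif not _type_ok(value, SCHEMA[name]):
                problems.append(f"{partition}.{name}: wrong type")
            elif name == "mask" and not all(isinstance(v, bool) for v in value.values()):
                problems.append(f"{partition}.mask: token types must be true or false")
    return problems

def build_request(base_url, auth_token, overrides):
    """Build (but do not send) the POST; refuse payloads that fail validation."""
    problems = validate_partition_overrides(overrides)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: auth_token travels in the JSON body next to partition_overrides.
    body = json.dumps({"auth_token": auth_token, "partition_overrides": overrides})
    return urllib.request.Request(
        f"{base_url}/graze/v1/updateEventsAnalyserPartitionOverrides",
        data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json; charset=UTF-8"})

# Constructed sample, modelled on the LONDON partition in the request example.
SAMPLE = {"LONDON": {"mask": {"date_time": False, "ip_address": True},
                     "priority_words": True, "priority_words_list": ["reboot", "shutdown"]}}
```

Sending the returned request with urllib.request.urlopen verifies the server certificate by default, unlike the curl example's -k.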

Response example