GitHub Repository: Azure/Azure-Sentinel-Notebooks
Path: blob/master/tutorials-and-examples/feature-tutorials/data/example.yaml
1
# Query-template file (tutorial example) for Linux Syslog data in the
# "LogAnalytics" data environment. Presumably consumed by an msticpy-style
# QueryProvider — confirm against the notebook that loads it. Each entry under
# `sources` is a KQL template with `{name}` placeholders; `defaults.parameters`
# declares the placeholders shared by every source, and a source may declare
# additional ones of its own.
metadata:
  version: 1
  description: Linux Syslog Example Queries
  data_environments: [LogAnalytics]
  data_families: [LinuxSyslog]
  tags: ['linux', 'syslog', 'example']
defaults:
  metadata:
    data_source: 'linux_syslog'
  # Parameters available to every query in `sources`. Entries without a
  # `default` (start, end) have to be supplied by the caller.
  parameters:
    table:
      description: Table name
      type: str
      # Substituted verbatim as the leading table reference of the query, so
      # it must be an operator-controlled table name, never end-user input.
      default: 'Syslog'
    start:
      description: Query start time
      type: datetime
    end:
      description: Query end time
      type: datetime
    # Declared here but not referenced by `syslog_example` below, so a value
    # passed for it has no effect on that query.
    add_query_items:
      description: Additional query clauses
      type: str
      default: ''
    # Substituted directly after `| where`, i.e. this is a raw KQL boolean
    # expression, not a value: whatever is passed here runs as part of the
    # query. Keep it operator-controlled. The default 'true' matches all rows
    # and is quoted so YAML keeps it a string rather than a boolean.
    subscription_filter:
      description: Optional subscription/tenant filter expression
      type: str
      default: 'true'
    # Also not referenced by `syslog_example` below. Single-quoted multi-line
    # YAML scalar: line breaks fold to spaces, so the value is one KQL line.
    # NOTE(review): the column list ends with `HostIP,` immediately before
    # `| extend`; confirm Kusto accepts that trailing comma before relying on
    # this default.
    query_project:
      description: Column project statement
      type: str
      default: '
        | project
          TenantId,
          Computer,
          Facility,
          TimeGenerated,
          HostName,
          SeverityLevel,
          SyslogMessage,
          ProcessID,
          ProcessName,
          HostIP,
        | extend TimeCreatedUtc=TimeGenerated'
sources:
  syslog_example:
    description: Example query
    # Placeholders are filled by plain text substitution — no escaping is
    # visible anywhere in this file. `{host_name}` lands inside a KQL
    # double-quoted string literal, so a value containing `"` closes that
    # literal and the remainder is parsed as KQL; `{start}` / `{end}` are
    # unquoted inside `datetime(...)`. Treat every placeholder as a query
    # fragment: validate host names (e.g. restrict to hostname characters)
    # and pass real datetime values rather than strings before calling this
    # query with anything derived from untrusted input. `| take 5` caps the
    # result at five rows.
    args:
      query: '
        {table}
        | where {subscription_filter}
        | where TimeGenerated >= datetime({start})
        | where TimeGenerated <= datetime({end})
        | where Computer == "{host_name}"
        | take 5'
    # Source-specific parameter; has no default, so the caller must supply it.
    parameters:
      host_name:
        description: Hostname to query for
        type: str