Create a Blacklist¶
POST /api/v1/blacklist/add
Overview¶
Create a blacklist
Route Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Y | Name (Added in iteration on 2024-11-27) Allow null: False Allow empty string: False Maximum length: 50 |
| desc | string | Y | Description (Added in iteration on 2024-11-27) Example: Description1 Allow null: False Allow empty string: True Maximum length: 256 |
| type | string | Y | Blacklist type, enumerated values are ('object', 'custom_object', 'logging', 'keyevent', 'tracing', 'rum', 'network', 'security', 'profiling', 'metric') Allow null: False |
| source | string | Y | Data source, when all sources are used, source is re(.*)Allow null: True Allow empty string: False Max character length: 128 |
| sources | array | Y | Data source, use this field for multiple sources, not all sources (use source field re(.*) for all sources)Allow null: True |
| filters | array | Y | Filtering conditions Allow null: True |
Additional Parameter Notes¶
1. Request Body Field Descriptions
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Y | Name (Added in iteration on 2024-11-27) |
| desc | string | N | Description (Added in iteration on 2024-11-27) |
| type | string | Y | Enumerated values ('object', 'custom_object', 'logging', 'keyevent', 'tracing', 'rum', 'network', 'security', 'profiling', 'metric') |
| source | string | N | Data source, all sources, at this time source is re(.*) |
| sources | array | N | Data source, field added in the iteration on 2024-10-16, supports multiple source selections. When the source is not all sources, this field can be used, sources has priority over the source field |
| filter | array | N | Filtering conditions |
2. Source Field Description
When generating filtering conditions for the blacklist, the key of the source field will be replaced based on the type
| Type | Key corresponding to the source field when generating filtering conditions |
|---|---|
| object | class |
| logging | source |
| custom_object | class |
| keyevent | source |
| tracing | service |
| rum | app_id |
| network | source |
| security | category |
| profiling | service |
| metric | measurement |
3. Filters Array Element Field Descriptions
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | N | Filter condition name |
| operation | string | N | Operation such as in, not_in, match, not_match |
| condition | string | N | DQL formatted filtering condition |
| values | array | N | Specific query condition values |
4. Operation Description Refer to Line Protocol Filters https://docs.guance.com/datakit/datakit-filter/
| Key | Description |
|---|---|
| in | Specified field is in the list |
| not_in | Specified field is not in the list |
| match | Regular expression match |
| not_match | Regular expression does not match |
Filters Example
[
{
"name": "host",
"value": [
"host1", "host2"
],
"operation": "in",
"condition": "and"
},
{
"name": "status",
"value": [
"a*"
],
"operation": "match",
"condition": "and"
}
]
Request Example¶
curl 'https://openapi.guance.com/api/v1/blacklist/add' \
-H 'DF-API-KEY: <DF-API-KEY>' \
-H 'Content-Type: application/json;charset=UTF-8' \
--data-raw '{"name":"Rule1","desc":"","type":"logging","source":"kodo-log","filters":[{"name":"host","value":["127.0.0.1"],"operation":"in","condition":"and"}]}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "{ source = 'kodo-log' and ( host in [ '127.0.0.1' ] )}",
"createAt": 1678029404,
"creator": "xxxx",
"deleteAt": -1,
"desc": "",
"filters": [
{
"condition": "and",
"name": "host",
"operation": "in",
"value": [
"127.0.0.1"
]
}
],
"id": null,
"name": "Rule1",
"source": "kodo-log",
"status": 0,
"type": "logging",
"updateAt": 1678029404,
"updator": "xxxx",
"uuid": "blist_xxxx32",
"workspaceUUID": "wksp_xxxx32"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-1C3DFE84-E7AD-4956-B363-8BB7EB3CD5A4"
}