keep extractions
Extraction create
Create a extraction rule.
Usage
Usage: keep extraction create [OPTIONS]
Options
-
name- Type: STRING
- Default: “
- Usage:
--name <extraction-name>
The name of the extraction.
-
description- Type: STRING
- Default: “
- Usage:
--description <extraction-description>
The description of the extraction.
-
priority- Type: INTEGER RANGE
- Default:
0 - Usage:
--priority <priority>
The priority of the extraction, higher priority means this rule will execute first.
0<=x<=100. -
pre- Type: BOOL
- Default:
false - Usage:
--pre <pre>
Whether this rule should be applied before or after the alert is standardized
-
attribute- Type: STRING
- Default: “
- Usage:
--attribute <extraction-attribute>
Event attribute name to extract from.
-
regex- Type: STRING
- Default: “
- Usage:
--attribute <regex-regex>
The regex rule to extract by. Regex format should be like python regex pattern for group matching.
-
condition- Type: STRING
- Default: “
- Usage:
--condition <condition-attribute>
CEL based condition.
-
help:- Type: BOOL
- Default:
false - Usage:
--help
Show this message and exit.
CLI Help
Usage: cli.py extraction create [OPTIONS]
Create a extraction rule.
Options:
-n, --name TEXT The name of the extraction. [required]
-d, --description TEXT The description of the extraction.
-p, --priority INTEGER RANGE The priority of the extraction, higher
priority means this rule will execute first.
[0<=x<=100]
--pre BOOLEAN Whether this rule should be applied before or
after the alert is standardized.
-a, --attribute TEXT Event attribute name to extract from.
[required]
-r, --regex TEXT The regex rule to extract by. Regex format
should be like python regex pattern for group
matching. [required]
-c, --condition TEXT CEL based condition. [required]
--help Show this message and exit.