Create a configuration template
Configuration templates allow you to create a library of NXLog Agent configurations. You can assign a template to multiple NXLog Agent instances, simplifying configuration management. A template can contain a complete NXLog Agent configuration or a partial configuration snippet you can combine with other templates to build a full configuration. For more information, see Configuration templates and Create a configuration template in the NXLog Platform User Guide.
Prerequisites
-
Your NXLog Platform organization ID.
-
An NXLog Platform API Personal Access Token (PAT).
About creating templates
A POST
request to the templates
endpoint creates a new configuration template.
The command requires a Template
object specifying one of the following:
-
The static configuration.
$ curl --verbose --request POST \ --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \ --header "Authorization: Bearer {TOKEN}" \ --header "Content-Type: application/json" \ --header "Accept: */*" \ --data '{"name": "{TEMPLATE_NAME}", "content": "{AGENT_CONFIG}"}'
-
A list of existing template UUIDs in the order they should be included in the new template.
$ curl --verbose --request POST \ --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \ --header "Authorization: Bearer {TOKEN}" \ --header "Content-Type: application/json" \ --header "Accept: */*" \ --data '{"name": "{TEMPLATE_NAME}", "parts": ["{TEMPLATE_UUID}", "{TEMPLATE_UUID}"]}'
You cannot delete a template that is a part of another template. You must remove it from all other templates to delete it.
If successful, the command returns 200 OK
and the new template UUID.
Create a configuration template
This example creates a template with a configuration snippet to collect Microsoft Windows events.
It also applies the input
and windows
tags to the template for easy identification.
POST /templates | |
---|---|
Entity type |
|
Request body |
|
Try it
Execute the following curl command or Python script to create a new configuration template.
curl
$ curl --verbose --request POST \
--url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \(1)
--header "Authorization: Bearer {TOKEN}" \(2)
--header "Content-Type: application/json" \
--header "Accept: */*" \
--data '{"name": "Windows-evt", "content": "<Input windows_events>\nModule im_msvistalog\n</Input>\n", "tags": ["input", "windows"]}'
1 | Replace example.com with the NXLog Platform domain you specified when installing NXLog Platform and {ORG_ID} with your organization ID. |
2 | Replace {TOKEN} with your API token.
See Generating a token for instructions. |
Python
'''
Requires Python 3.x
'''
import requests
import json
# Set these variables for your environment
api_token = '<API_TOKEN>' (1)
base_url = 'https://agents.<DOMAIN>/api' (2)
org = '<ORG_ID>' (3)
endpoint = 'api/v1/templates'
url = '{}/{}/{}'.format(base_url, org, endpoint)
headers = {
'Authorization': 'Bearer {}'.format(api_token),
'Content-Type': 'application/json',
'Accept': '*/*'
}
payload = {'name': 'Windows-evt', 'content': '<Input windows_events>\nModule im_msvistalog\n</Input>\n', 'tags': ['input', 'windows']}
r = requests.post(url, headers=headers, data=json.dumps(payload))
if r.status_code == 200:
print('Status: {}'.format(r.status_code))
print('Template UUID: {}'.format(r.text))
else:
print('Error: {} {}'.format(r.status_code, r.text))
1 | Replace <API_TOKEN> with your API token.
See Generating a token for instructions. |
2 | Replace <DOMAIN> with the NXLog Platform domain you specified when installing NXLog Platform. |
3 | Replace <ORG_ID> with your organization ID. |
Example response
Status: 200
Template UUID: 745908b9-99c7-11ef-8007-72731771e0df
Build a configuration from multiple templates
You can build a configuration template by combining existing templates.
To do so, you need the UUIDs of the templates you want to use.
This example creates a template from existing templates with their name starting with Windows-
.
The API supports a maximum of one nesting level. Therefore, a template consisting of other templates cannot be part of another template. |
GET /templates/*/id?filter=(name LIKE 'Windows-%') | |
---|---|
Entity type |
|
Entity UUID |
|
Field |
|
Filter |
|
POST /templates | |
---|---|
Entity type |
|
Request body |
|
Try it
Execute the following curl commands or Python script to create a confguration template from existing ones.
curl
- Get the UUIDs of the existing templates
-
$ curl --verbose --request GET \ --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates/*/id?filter=(name%20LIKE%20'Windows-%25')" \(1) --header "Authorization: Bearer {TOKEN}" (2)
1 Replace example.com
with the NXLog Platform domain you specified when installing NXLog Platform and{ORG_ID}
with your organization ID.2 Replace {TOKEN}
with your API token. See Generating a token for instructions. - Create the template
-
$ curl --verbose --request POST \ --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \(1) --header "Authorization: Bearer {TOKEN}" \(2) --header "Content-Type: application/json" \ --header "Accept: */*" \ --data '{"name": "Windows log sources", "parts": ["4bddf35e-99f4-11ef-800e-eae9743d8daa", "34a11f77-99f4-11ef-800d-340c29e52f9c"]}' (3)
1 Replace example.com
with the NXLog Platform domain you specified when installing NXLog Platform and{ORG_ID}
with your organization ID.2 Replace {TOKEN}
with your API token. See Generating a token for instructions.3 Replace the template UUIDs with the ones you retrieved above.
Python
'''
Requires Python 3.x
'''
import requests
import json
# Set these variables for your environment
api_token = '<API_TOKEN>' (1)
base_url = 'https://agents.<DOMAIN>/api' (2)
org = '<ORG_ID>' (3)
endpoint = 'api/v1/templates'
url = '{}/{}/{}'.format(base_url, org, endpoint)
headers = {
'Authorization': 'Bearer {}'.format(api_token),
}
query = '*/id?filter=(name LIKE "Windows-%")'
r = requests.get('{}/{}'.format(url, query), headers=headers)
if r.status_code == 200:
templates = r.json()
if (len(templates) > 0):
headers['Content-Type'] = 'application/json'
headers['Accept'] = '*/*'
payload = {'name': 'Windows log sources', 'parts': templates}
r = requests.post(url, headers=headers, data=json.dumps(payload))
if r.status_code == 200:
print('Status: {}'.format(r.status_code))
print('Template UUID: {}'.format(r.text))
else:
print('Error: {} {}'.format(r.status_code, r.text))
else:
print("No matching templates found")
else:
print('Error: {} {}'.format(r.status_code, r.text))
1 | Replace <API_TOKEN> with your API token.
See Generating a token for instructions. |
2 | Replace <DOMAIN> with the NXLog Platform domain you specified when installing NXLog Platform. |
3 | Replace <ORG_ID> with your organization ID. |
Example response
Status: 200
Template UUID: 745908b9-99c7-11ef-8007-72731771e0df