Create a configuration template

Configuration templates allow you to create a library of NXLog Agent configurations. You can assign a template to multiple NXLog Agent instances, simplifying configuration management. A template can contain a complete NXLog Agent configuration or a partial configuration snippet you can combine with other templates to build a full configuration. For more information, see Configuration templates and Create a configuration template in the NXLog Platform User Guide.

Prerequisites

About creating templates

A POST request to the templates endpoint creates a new configuration template. The command requires a Template object specifying one of the following:

  • The static configuration.

    $ curl --verbose --request POST \
           --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \
           --header "Authorization: Bearer {TOKEN}" \
           --header "Content-Type: application/json" \
           --header "Accept: */*" \
           --data '{"name": "{TEMPLATE_NAME}", "content": "{AGENT_CONFIG}"}'

  • A list of existing template UUIDs in the order they should be included in the new template.

    $ curl --verbose --request POST \
           --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \
           --header "Authorization: Bearer {TOKEN}" \
           --header "Content-Type: application/json" \
           --header "Accept: */*" \
           --data '{"name": "{TEMPLATE_NAME}", "parts": ["{TEMPLATE_UUID}", "{TEMPLATE_UUID}"]}'

    You cannot delete a template that is a part of another template. You must remove it from all other templates to delete it.

If successful, the command returns 200 OK and the new template UUID.
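
Added example, not part of the NXLog documentation: a Python helper that builds the Template object for the two request forms above, enforcing that exactly one of content or parts is present and letting json.dumps escape the configuration text. The function name, the template name Windows-app and the sample configuration are assumptions made for illustration.

```python
import json
import uuid


def build_template_payload(name, content=None, parts=None, tags=None):
    """Return the JSON body for POST .../api/v1/templates.

    Exactly one of `content` (static configuration text) or `parts`
    (existing template UUIDs, in include order) must be supplied.
    """
    if not isinstance(name, str) or not name.strip():
        raise ValueError("template name must be a non-empty string")
    if (content is None) == (parts is None):
        raise ValueError("supply exactly one of content or parts")

    body = {"name": name}
    if content is not None:
        if not content.strip():
            raise ValueError("content is empty")
        body["content"] = content
    else:
        # uuid.UUID raises ValueError for anything that is not a UUID,
        # such as a template name pasted where its UUID belongs.
        body["parts"] = [str(uuid.UUID(str(p))) for p in parts]
        if not body["parts"]:
            raise ValueError("parts is empty")
    if tags:
        body["tags"] = list(tags)
    # json.dumps escapes the quotes, backslashes and newlines in the
    # configuration text, so the result is always valid JSON.
    return json.dumps(body)


# Constructed sample: a snippet with characters that break hand-typed JSON.
SAMPLE_CONFIG = r'''<Input app_logs>
    Module im_file
    File "C:\\logs\\app.log"
</Input>
'''

if __name__ == "__main__":
    print(build_template_payload("Windows-app", content=SAMPLE_CONFIG,
                                 tags=["input", "windows"]))
```

The returned string contains no raw newlines, so it can be handed to curl on standard input with `--data @-` instead of being escaped by hand inside shell quotes.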

Create a configuration template

This example creates a template with a configuration snippet to collect Microsoft Windows events. It also applies the input and windows tags to the template for easy identification.

POST /templates

Entity type: templates

Request body:

{
  "name": "Windows-evt",
  "content": "<Input windows_events>\nModule im_msvistalog\n</Input>\n",
  "tags": ["input", "windows"]
}

Try it

Execute the following curl command or Python script to create a new configuration template.

curl
$ curl --verbose --request POST \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \
       --header "Authorization: Bearer {TOKEN}" \
       --header "Content-Type: application/json" \
       --header "Accept: */*" \
       --data '{"name": "Windows-evt", "content": "<Input windows_events>\nModule im_msvistalog\n</Input>\n", "tags": ["input", "windows"]}'

  • Replace example.com with the NXLog Platform domain you specified when installing NXLog Platform and {ORG_ID} with your organization ID.
  • Replace {TOKEN} with your API token. See Generating a token for instructions.

Python
'''
Requires Python 3.x
'''

import requests
import json

# Set these variables for your environment
api_token = '<API_TOKEN>'
base_url = 'https://agents.<DOMAIN>/api'
org = '<ORG_ID>'

endpoint = 'api/v1/templates'
url = '{}/{}/{}'.format(base_url, org, endpoint)
headers = {
    'Authorization': 'Bearer {}'.format(api_token),
    'Content-Type': 'application/json',
    'Accept': '*/*'
}

# Template object: a static configuration snippet plus two tags
payload = {'name': 'Windows-evt', 'content': '<Input windows_events>\nModule im_msvistalog\n</Input>\n', 'tags': ['input', 'windows']}
# The timeout keeps the script from waiting indefinitely on an unresponsive server
r = requests.post(url, headers=headers, data=json.dumps(payload), timeout=30)

if r.status_code == 200:
    print('Status: {}'.format(r.status_code))
    print('Template UUID: {}'.format(r.text))
else:
    print('Error: {} {}'.format(r.status_code, r.text))

  • Replace <API_TOKEN> with your API token. See Generating a token for instructions.
  • Replace <DOMAIN> with the NXLog Platform domain you specified when installing NXLog Platform.
  • Replace <ORG_ID> with your organization ID.

Example response
Status: 200
Template UUID: 745908b9-99c7-11ef-8007-72731771e0df

Build a configuration from multiple templates

You can build a configuration template by combining existing templates. To do so, you need the UUIDs of the templates you want to use. This example creates a template from existing templates with their name starting with Windows-.

The API supports a maximum of one nesting level. Therefore, a template consisting of other templates cannot be part of another template.

GET /templates/*/id?filter=(name LIKE 'Windows-%')

Entity type: templates
Entity UUID: *
Field: id
Filter: (name LIKE 'Windows-%')

POST /templates

Entity type: templates

Request body:

{
  "name": "All Windows events",
  "parts": ["4bddf35e-99f4-11ef-800e-eae9743d8daa", "34a11f77-99f4-11ef-800d-340c29e52f9c"]
}

Try it

Execute the following curl commands or Python script to create a configuration template from existing ones.

curl
Get the UUIDs of the existing templates

$ curl --verbose --request GET \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates/*/id?filter=(name%20LIKE%20'Windows-%25')" \
       --header "Authorization: Bearer {TOKEN}"

  • Replace example.com with the NXLog Platform domain you specified when installing NXLog Platform and {ORG_ID} with your organization ID.
  • Replace {TOKEN} with your API token. See Generating a token for instructions.

Create the template

$ curl --verbose --request POST \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \
       --header "Authorization: Bearer {TOKEN}" \
       --header "Content-Type: application/json" \
       --header "Accept: */*" \
       --data '{"name": "Windows log sources", "parts": ["4bddf35e-99f4-11ef-800e-eae9743d8daa", "34a11f77-99f4-11ef-800d-340c29e52f9c"]}'

  • Replace example.com with the NXLog Platform domain you specified when installing NXLog Platform and {ORG_ID} with your organization ID.
  • Replace {TOKEN} with your API token. See Generating a token for instructions.
  • Replace the template UUIDs with the ones you retrieved above.

Python
'''
Requires Python 3.x
'''

import requests
import json

# Set these variables for your environment
api_token = '<API_TOKEN>'
base_url = 'https://agents.<DOMAIN>/api'
org = '<ORG_ID>'

endpoint = 'api/v1/templates'
url = '{}/{}/{}'.format(base_url, org, endpoint)
headers = {
    'Authorization': 'Bearer {}'.format(api_token),
}

# The filter (name LIKE 'Windows-%'), percent-encoded as in the curl command
query = "*/id?filter=(name%20LIKE%20'Windows-%25')"
r = requests.get('{}/{}'.format(url, query), headers=headers, timeout=30)
if r.status_code == 200:
    # UUIDs of the templates whose name starts with Windows-
    templates = r.json()
    if templates:
        headers['Content-Type'] = 'application/json'
        headers['Accept'] = '*/*'
        payload = {'name': 'Windows log sources', 'parts': templates}
        r = requests.post(url, headers=headers, data=json.dumps(payload), timeout=30)

        if r.status_code == 200:
            print('Status: {}'.format(r.status_code))
            print('Template UUID: {}'.format(r.text))
        else:
            print('Error: {} {}'.format(r.status_code, r.text))
    else:
        print("No matching templates found")
else:
    print('Error: {} {}'.format(r.status_code, r.text))

  • Replace <API_TOKEN> with your API token. See Generating a token for instructions.
  • Replace <DOMAIN> with the NXLog Platform domain you specified when installing NXLog Platform.
  • Replace <ORG_ID> with your organization ID.

Example response
Status: 200
Template UUID: 745908b9-99c7-11ef-8007-72731771e0df
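
Added example, not from the NXLog documentation: a pre-flight check for the two composition rules on this page, namely that a template built from parts cannot itself be a part, and that a template cannot be deleted while another template includes it. The inventory dictionary, its shape, the template names and the placeholder UUID are constructed for illustration; the page does not document how to list a template's parts.

```python
def composition_problems(inventory, parts):
    """Check a proposed `parts` list against the one-nesting-level rule.

    `inventory` maps template UUID -> {"name": str, "parts": [UUID, ...]};
    a template with a non-empty "parts" list is itself a composite.
    """
    problems = []
    for part in parts:
        entry = inventory.get(part)
        if entry is None:
            problems.append(f"{part}: no such template")
        elif entry["parts"]:
            problems.append(f"{entry['name']}: composite, cannot be nested")
    return problems


def deletion_plan(inventory, template_id):
    """Return {composite UUID: its parts list with `template_id` removed}.

    An empty dict means no template includes `template_id`, so it can be
    deleted directly. Otherwise every listed composite has to be updated
    to the shortened parts list before the delete can succeed.
    """
    plan = {}
    for uid, entry in inventory.items():
        if template_id in entry["parts"]:
            plan[uid] = [p for p in entry["parts"] if p != template_id]
    return plan


# Constructed inventory. The two part UUIDs are the ones in the request body
# on this page; the names and the composite's UUID are placeholders.
PART_A = "4bddf35e-99f4-11ef-800e-eae9743d8daa"
PART_B = "34a11f77-99f4-11ef-800d-340c29e52f9c"
COMPOSITE = "00000000-0000-0000-0000-0000000000aa"
INVENTORY = {
    PART_A: {"name": "Windows-a", "parts": []},
    PART_B: {"name": "Windows-b", "parts": []},
    COMPOSITE: {"name": "All Windows events", "parts": [PART_A, PART_B]},
}

if __name__ == "__main__":
    print(composition_problems(INVENTORY, [PART_A, COMPOSITE]))
    print(deletion_plan(INVENTORY, PART_A))
```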