Create a configuration template

Configuration templates allow you to create a library of NXLog Agent configurations. You can assign a template to multiple NXLog Agent instances, simplifying configuration management. A template can contain a complete NXLog Agent configuration or a partial configuration snippet you can combine with other templates to build a full configuration. For more information, see Configuration templates and Create a configuration template in the NXLog Platform User Guide.

Prerequisites

Your NXLog Platform organization ID.
An NXLog Platform API Personal Access Token (PAT).

About creating templates

A POST request to the templates endpoint creates a new configuration template. The command requires a Template object specifying one of the following:

The static configuration.

$ curl --verbose --request POST \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \
       --header "Authorization: Bearer {TOKEN}" \
       --header "Content-Type: application/json" \
       --header "Accept: */*" \
       --data '{"name": "{TEMPLATE_NAME}", "content": "{AGENT_CONFIG}"}'

A list of existing template UUIDs in the order they should be included in the new template.

$ curl --verbose --request POST \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \
       --header "Authorization: Bearer {TOKEN}" \
       --header "Content-Type: application/json" \
       --header "Accept: */*" \
       --data '{"name": "{TEMPLATE_NAME}", "parts": ["{TEMPLATE_UUID}", "{TEMPLATE_UUID}"]}'

You cannot delete a template that is a part of another template. You must remove it from all other templates to delete it.

If successful, the command returns 200 OK and the new template UUID.

Create a configuration template

This example creates a template with a configuration snippet to collect Microsoft Windows events. It also applies the input and windows tags to the template for easy identification.

POST /templates

POST /templates
Entity type	`templates`
Request body	`{ "name": "Windoes-evt", "content": "<Input windows_events>\nModule im_msvistalog\n</Input>\n", "tags": ["input", "windows"] }`

Entity type

templates

Request body

{
  "name": "Windoes-evt",
  "content": "<Input windows_events>\nModule im_msvistalog\n</Input>\n",
  "tags": ["input", "windows"]
}

Try it

Execute the following curl command or Python script to create a new configuration template.

curl

$ curl --verbose --request POST \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \(1)
       --header "Authorization: Bearer {TOKEN}" \(2)
       --header "Content-Type: application/json" \
       --header "Accept: */*" \
       --data '{"name": "Windows-evt", "content": "<Input windows_events>\nModule im_msvistalog\n</Input>\n", "tags": ["input", "windows"]}'

1	Replace `example.com` with the NXLog Platform domain you specified when installing NXLog Platform and `{ORG_ID}` with your organization ID.
2	Replace `{TOKEN}` with your API token. See Generating a token for instructions.

Python

'''
Requires Python 3.x
'''

import requests
import json

# Set these variables for your environment
api_token = '<API_TOKEN>' (1)
base_url = 'https://agents.<DOMAIN>/api' (2)
org = '<ORG_ID>' (3)

endpoint = 'api/v1/templates'
url = '{}/{}/{}'.format(base_url, org, endpoint)
headers = {
    'Authorization': 'Bearer {}'.format(api_token),
    'Content-Type': 'application/json',
    'Accept': '*/*'
}

payload = {'name': 'Windows-evt', 'content': '<Input windows_events>\nModule im_msvistalog\n</Input>\n', 'tags': ['input', 'windows']}
r = requests.post(url, headers=headers, data=json.dumps(payload))

if r.status_code == 200:
    print('Status: {}'.format(r.status_code))
    print('Template UUID: {}'.format(r.text))
else:
    print('Error: {} {}'.format(r.status_code, r.text))

1	Replace `{TOKEN}` with your API token. See Generating a token for instructions.
2	Replace `<DOMAIN>` with the NXLog Platform domain you specified when installing NXLog Platform.
3	Replace `<ORG_ID>` with your organization ID.

Example response

Status: 200
Template UUID: 745908b9-99c7-11ef-8007-72731771e0df

Build a configuration from multiple templates

You can build a configuration template by combining existing templates. To do so, you need the UUIDs of the templates you want to use. This example creates a template from existing templates with their name starting with Windows-.

The API supports a maximum of one nesting level. Therefore, a template consisting of other templates cannot be part of another template.

GET /templates/*/id?filter=(name LIKE 'Windows-%')

GET /templates/*/id?filter=(name LIKE 'Windows-%')
Entity type	`templates`
Entity UUID	`*`
Field	`id`
Filter	`(name LIKE 'Windows-%')`

Entity type

templates

Entity UUID

*

Field

id

Filter

(name LIKE 'Windows-%')

POST /templates

POST /templates
Entity type	`templates`
Request body	`{ "name": "All Windows events", "parts": ["4bddf35e-99f4-11ef-800e-eae9743d8daa", "34a11f77-99f4-11ef-800d-340c29e52f9c"] }`

Entity type

templates

Request body

{
  "name": "All Windows events",
  "parts": ["4bddf35e-99f4-11ef-800e-eae9743d8daa", "34a11f77-99f4-11ef-800d-340c29e52f9c"]
}

Try it

Execute the following curl commands or Python script to create a confguration template from existing ones.

curl

Get the UUIDs of the existing templates

$ curl --verbose --request GET \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates/*/id?filter=(name%20LIKE%20'Windows-%25')" \(1)
       --header "Authorization: Bearer {TOKEN}" (2)

1	Replace `example.com` with the NXLog Platform domain you specified when installing NXLog Platform and `{ORG_ID}` with your organization ID.
2	Replace `{TOKEN}` with your API token. See Generating a token for instructions.

Create the template

$ curl --verbose --request POST \
       --url "https://agents.example.com/api/{ORG_ID}/api/v1/templates" \(1)
       --header "Authorization: Bearer {TOKEN}" \(2)
       --header "Content-Type: application/json" \
       --header "Accept: */*" \
       --data '{"name": "Windows log sources", "parts": ["4bddf35e-99f4-11ef-800e-eae9743d8daa", "34a11f77-99f4-11ef-800d-340c29e52f9c"]}' (3)

1	Replace `example.com` with the NXLog Platform domain you specified when installing NXLog Platform and `{ORG_ID}` with your organization ID.
2	Replace `{TOKEN}` with your API token. See Generating a token for instructions.
3	Replace the template UUIDs with the ones you retrieved above.

Python

'''
Requires Python 3.x
'''

import requests
import json

# Set these variables for your environment
api_token = '<API_TOKEN>' (1)
base_url = 'https://agents.<DOMAIN>/api' (2)
org = '<ORG_ID>' (3)

endpoint = 'api/v1/templates'
url = '{}/{}/{}'.format(base_url, org, endpoint)
headers = {
    'Authorization': 'Bearer {}'.format(api_token),
}

query = '*/id?filter=(name LIKE "Windows-%")'
r = requests.get('{}/{}'.format(url, query), headers=headers)
if r.status_code == 200:
    templates = r.json()    
    if (len(templates) > 0):
        headers['Content-Type'] = 'application/json'
        headers['Accept'] = '*/*'
        payload = {'name': 'Windows log sources', 'parts': templates}
        r = requests.post(url, headers=headers, data=json.dumps(payload))
    
        if r.status_code == 200:
            print('Status: {}'.format(r.status_code))
            print('Template UUID: {}'.format(r.text))
        else:
            print('Error: {} {}'.format(r.status_code, r.text))
    else:
        print("No matching templates found")
else:
    print('Error: {} {}'.format(r.status_code, r.text))

1	Replace `{TOKEN}` with your API token. See Generating a token for instructions.
2	Replace `<DOMAIN>` with the NXLog Platform domain you specified when installing NXLog Platform.
3	Replace `<ORG_ID>` with your organization ID.

Example response

Status: 200
Template UUID: 745908b9-99c7-11ef-8007-72731771e0df