Sumo Logic v1.0.7, Apr 11 25

Sumo Logic v1.0.7 published on Friday, Apr 11, 2025 by Pulumi

sumologic.LogSearch

Explore with Pulumi AI

Sumo Logic v1.0.7 published on Friday, Apr 11, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";

const personalFolder = sumologic.getPersonalFolder({});
const exampleLogSearch = new sumologic.LogSearch("example_log_search", {
    name: "Demo Search",
    description: "Demo search description",
    parentId: personalFolder.then(personalFolder => personalFolder.id),
    queryString: `        _sourceCategory=api
        | parse "parameter1=*," as parameter1
        | parse "parameter2=*," as parameter2
        | where parameter1 matches {{param1}}
        | where parameter2 matches {{param2}}
        | count by _sourceHost
`,
    parsingMode: "AutoParse",
    runByReceiptTime: true,
    timeRange: {
        beginBoundedTimeRange: {
            from: {
                relativeTimeRange: {
                    relativeTime: "-30m",
                },
            },
        },
    },
    queryParameters: [
        {
            name: "param1",
            description: "Description for param1",
            dataType: "STRING",
            value: "*",
        },
        {
            name: "param2",
            description: "Description for param2",
            dataType: "STRING",
            value: "*",
        },
    ],
    schedule: {
        cronExpression: "0 0 * * * ? *",
        muteErrorEmails: false,
        notification: {
            emailSearchNotification: {
                includeCsvAttachment: false,
                includeHistogram: false,
                includeQuery: true,
                includeResultSet: true,
                subjectTemplate: "Search Alert: {{TriggerCondition}} found for {{SearchName}}",
                toLists: ["will@acme.com"],
            },
        },
        parseableTimeRange: {
            beginBoundedTimeRange: {
                from: {
                    relativeTimeRange: {
                        relativeTime: "-15m",
                    },
                },
            },
        },
        scheduleType: "1Week",
        threshold: {
            count: 10,
            operator: "gt",
            thresholdType: "group",
        },
        timeZone: "America/Los_Angeles",
        parameters: [
            {
                name: "param1",
                value: "*",
            },
            {
                name: "param2",
                value: "*",
            },
        ],
    },
});

import pulumi
import pulumi_sumologic as sumologic

personal_folder = sumologic.get_personal_folder()
example_log_search = sumologic.LogSearch("example_log_search",
    name="Demo Search",
    description="Demo search description",
    parent_id=personal_folder.id,
    query_string="""        _sourceCategory=api
        | parse "parameter1=*," as parameter1
        | parse "parameter2=*," as parameter2
        | where parameter1 matches {{param1}}
        | where parameter2 matches {{param2}}
        | count by _sourceHost
""",
    parsing_mode="AutoParse",
    run_by_receipt_time=True,
    time_range={
        "begin_bounded_time_range": {
            "from_": {
                "relative_time_range": {
                    "relative_time": "-30m",
                },
            },
        },
    },
    query_parameters=[
        {
            "name": "param1",
            "description": "Description for param1",
            "data_type": "STRING",
            "value": "*",
        },
        {
            "name": "param2",
            "description": "Description for param2",
            "data_type": "STRING",
            "value": "*",
        },
    ],
    schedule={
        "cron_expression": "0 0 * * * ? *",
        "mute_error_emails": False,
        "notification": {
            "email_search_notification": {
                "include_csv_attachment": False,
                "include_histogram": False,
                "include_query": True,
                "include_result_set": True,
                "subject_template": "Search Alert: {{TriggerCondition}} found for {{SearchName}}",
                "to_lists": ["will@acme.com"],
            },
        },
        "parseable_time_range": {
            "begin_bounded_time_range": {
                "from_": {
                    "relative_time_range": {
                        "relative_time": "-15m",
                    },
                },
            },
        },
        "schedule_type": "1Week",
        "threshold": {
            "count": 10,
            "operator": "gt",
            "threshold_type": "group",
        },
        "time_zone": "America/Los_Angeles",
        "parameters": [
            {
                "name": "param1",
                "value": "*",
            },
            {
                "name": "param2",
                "value": "*",
            },
        ],
    })

package main

import (
	"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		personalFolder, err := sumologic.GetPersonalFolder(ctx, &sumologic.GetPersonalFolderArgs{}, nil)
		if err != nil {
			return err
		}
		_, err = sumologic.NewLogSearch(ctx, "example_log_search", &sumologic.LogSearchArgs{
			Name:        pulumi.String("Demo Search"),
			Description: pulumi.String("Demo search description"),
			ParentId:    pulumi.String(personalFolder.Id),
			QueryString: pulumi.String(`        _sourceCategory=api
        | parse "parameter1=*," as parameter1
        | parse "parameter2=*," as parameter2
        | where parameter1 matches {{param1}}
        | where parameter2 matches {{param2}}
        | count by _sourceHost
`),
			ParsingMode:      pulumi.String("AutoParse"),
			RunByReceiptTime: pulumi.Bool(true),
			TimeRange: &sumologic.LogSearchTimeRangeArgs{
				BeginBoundedTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeArgs{
					From: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromArgs{
						RelativeTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs{
							RelativeTime: pulumi.String("-30m"),
						},
					},
				},
			},
			QueryParameters: sumologic.LogSearchQueryParameterArray{
				&sumologic.LogSearchQueryParameterArgs{
					Name:        pulumi.String("param1"),
					Description: pulumi.String("Description for param1"),
					DataType:    pulumi.String("STRING"),
					Value:       pulumi.String("*"),
				},
				&sumologic.LogSearchQueryParameterArgs{
					Name:        pulumi.String("param2"),
					Description: pulumi.String("Description for param2"),
					DataType:    pulumi.String("STRING"),
					Value:       pulumi.String("*"),
				},
			},
			Schedule: &sumologic.LogSearchScheduleArgs{
				CronExpression:  pulumi.String("0 0 * * * ? *"),
				MuteErrorEmails: pulumi.Bool(false),
				Notification: &sumologic.LogSearchScheduleNotificationArgs{
					EmailSearchNotification: &sumologic.LogSearchScheduleNotificationEmailSearchNotificationArgs{
						IncludeCsvAttachment: pulumi.Bool(false),
						IncludeHistogram:     pulumi.Bool(false),
						IncludeQuery:         pulumi.Bool(true),
						IncludeResultSet:     pulumi.Bool(true),
						SubjectTemplate:      pulumi.String("Search Alert: {{TriggerCondition}} found for {{SearchName}}"),
						ToLists: pulumi.StringArray{
							pulumi.String("will@acme.com"),
						},
					},
				},
				ParseableTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeArgs{
					BeginBoundedTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs{
						From: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs{
							RelativeTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs{
								RelativeTime: pulumi.String("-15m"),
							},
						},
					},
				},
				ScheduleType: pulumi.String("1Week"),
				Threshold: &sumologic.LogSearchScheduleThresholdArgs{
					Count:         pulumi.Int(10),
					Operator:      pulumi.String("gt"),
					ThresholdType: pulumi.String("group"),
				},
				TimeZone: pulumi.String("America/Los_Angeles"),
				Parameters: sumologic.LogSearchScheduleParameterArray{
					&sumologic.LogSearchScheduleParameterArgs{
						Name:  pulumi.String("param1"),
						Value: pulumi.String("*"),
					},
					&sumologic.LogSearchScheduleParameterArgs{
						Name:  pulumi.String("param2"),
						Value: pulumi.String("*"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;

return await Deployment.RunAsync(() => 
{
    var personalFolder = SumoLogic.GetPersonalFolder.Invoke();

    var exampleLogSearch = new SumoLogic.LogSearch("example_log_search", new()
    {
        Name = "Demo Search",
        Description = "Demo search description",
        ParentId = personalFolder.Apply(getPersonalFolderResult => getPersonalFolderResult.Id),
        QueryString = @"        _sourceCategory=api
        | parse ""parameter1=*,"" as parameter1
        | parse ""parameter2=*,"" as parameter2
        | where parameter1 matches {{param1}}
        | where parameter2 matches {{param2}}
        | count by _sourceHost
",
        ParsingMode = "AutoParse",
        RunByReceiptTime = true,
        TimeRange = new SumoLogic.Inputs.LogSearchTimeRangeArgs
        {
            BeginBoundedTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeArgs
            {
                From = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromArgs
                {
                    RelativeTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs
                    {
                        RelativeTime = "-30m",
                    },
                },
            },
        },
        QueryParameters = new[]
        {
            new SumoLogic.Inputs.LogSearchQueryParameterArgs
            {
                Name = "param1",
                Description = "Description for param1",
                DataType = "STRING",
                Value = "*",
            },
            new SumoLogic.Inputs.LogSearchQueryParameterArgs
            {
                Name = "param2",
                Description = "Description for param2",
                DataType = "STRING",
                Value = "*",
            },
        },
        Schedule = new SumoLogic.Inputs.LogSearchScheduleArgs
        {
            CronExpression = "0 0 * * * ? *",
            MuteErrorEmails = false,
            Notification = new SumoLogic.Inputs.LogSearchScheduleNotificationArgs
            {
                EmailSearchNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationEmailSearchNotificationArgs
                {
                    IncludeCsvAttachment = false,
                    IncludeHistogram = false,
                    IncludeQuery = true,
                    IncludeResultSet = true,
                    SubjectTemplate = "Search Alert: {{TriggerCondition}} found for {{SearchName}}",
                    ToLists = new[]
                    {
                        "will@acme.com",
                    },
                },
            },
            ParseableTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeArgs
            {
                BeginBoundedTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs
                {
                    From = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs
                    {
                        RelativeTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs
                        {
                            RelativeTime = "-15m",
                        },
                    },
                },
            },
            ScheduleType = "1Week",
            Threshold = new SumoLogic.Inputs.LogSearchScheduleThresholdArgs
            {
                Count = 10,
                Operator = "gt",
                ThresholdType = "group",
            },
            TimeZone = "America/Los_Angeles",
            Parameters = new[]
            {
                new SumoLogic.Inputs.LogSearchScheduleParameterArgs
                {
                    Name = "param1",
                    Value = "*",
                },
                new SumoLogic.Inputs.LogSearchScheduleParameterArgs
                {
                    Name = "param2",
                    Value = "*",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.SumologicFunctions;
import com.pulumi.sumologic.inputs.GetPersonalFolderArgs;
import com.pulumi.sumologic.LogSearch;
import com.pulumi.sumologic.LogSearchArgs;
import com.pulumi.sumologic.inputs.LogSearchTimeRangeArgs;
import com.pulumi.sumologic.inputs.LogSearchTimeRangeBeginBoundedTimeRangeArgs;
import com.pulumi.sumologic.inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromArgs;
import com.pulumi.sumologic.inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs;
import com.pulumi.sumologic.inputs.LogSearchQueryParameterArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleNotificationArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleNotificationEmailSearchNotificationArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleParseableTimeRangeArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs;
import com.pulumi.sumologic.inputs.LogSearchScheduleThresholdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var personalFolder = SumologicFunctions.getPersonalFolder(GetPersonalFolderArgs.builder()
            .build());

        var exampleLogSearch = new LogSearch("exampleLogSearch", LogSearchArgs.builder()
            .name("Demo Search")
            .description("Demo search description")
            .parentId(personalFolder.id())
            .queryString("""
        _sourceCategory=api
        | parse "parameter1=*," as parameter1
        | parse "parameter2=*," as parameter2
        | where parameter1 matches {{param1}}
        | where parameter2 matches {{param2}}
        | count by _sourceHost
            """)
            .parsingMode("AutoParse")
            .runByReceiptTime(true)
            .timeRange(LogSearchTimeRangeArgs.builder()
                .beginBoundedTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeArgs.builder()
                    .from(LogSearchTimeRangeBeginBoundedTimeRangeFromArgs.builder()
                        .relativeTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs.builder()
                            .relativeTime("-30m")
                            .build())
                        .build())
                    .build())
                .build())
            .queryParameters(            
                LogSearchQueryParameterArgs.builder()
                    .name("param1")
                    .description("Description for param1")
                    .dataType("STRING")
                    .value("*")
                    .build(),
                LogSearchQueryParameterArgs.builder()
                    .name("param2")
                    .description("Description for param2")
                    .dataType("STRING")
                    .value("*")
                    .build())
            .schedule(LogSearchScheduleArgs.builder()
                .cronExpression("0 0 * * * ? *")
                .muteErrorEmails(false)
                .notification(LogSearchScheduleNotificationArgs.builder()
                    .emailSearchNotification(LogSearchScheduleNotificationEmailSearchNotificationArgs.builder()
                        .includeCsvAttachment(false)
                        .includeHistogram(false)
                        .includeQuery(true)
                        .includeResultSet(true)
                        .subjectTemplate("Search Alert: {{TriggerCondition}} found for {{SearchName}}")
                        .toLists("will@acme.com")
                        .build())
                    .build())
                .parseableTimeRange(LogSearchScheduleParseableTimeRangeArgs.builder()
                    .beginBoundedTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs.builder()
                        .from(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs.builder()
                            .relativeTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs.builder()
                                .relativeTime("-15m")
                                .build())
                            .build())
                        .build())
                    .build())
                .scheduleType("1Week")
                .threshold(LogSearchScheduleThresholdArgs.builder()
                    .count(10)
                    .operator("gt")
                    .thresholdType("group")
                    .build())
                .timeZone("America/Los_Angeles")
                .parameters(                
                    LogSearchScheduleParameterArgs.builder()
                        .name("param1")
                        .value("*")
                        .build(),
                    LogSearchScheduleParameterArgs.builder()
                        .name("param2")
                        .value("*")
                        .build())
                .build())
            .build());

    }
}

resources:
  exampleLogSearch:
    type: sumologic:LogSearch
    name: example_log_search
    properties:
      name: Demo Search
      description: Demo search description
      parentId: ${personalFolder.id}
      queryString: |2
                _sourceCategory=api
                | parse "parameter1=*," as parameter1
                | parse "parameter2=*," as parameter2
                | where parameter1 matches {{param1}}
                | where parameter2 matches {{param2}}
                | count by _sourceHost
      parsingMode: AutoParse
      runByReceiptTime: true
      timeRange:
        beginBoundedTimeRange:
          from:
            relativeTimeRange:
              relativeTime: -30m
      queryParameters:
        - name: param1
          description: Description for param1
          dataType: STRING
          value: '*'
        - name: param2
          description: Description for param2
          dataType: STRING
          value: '*'
      schedule:
        cronExpression: 0 0 * * * ? *
        muteErrorEmails: false
        notification:
          emailSearchNotification:
            includeCsvAttachment: false
            includeHistogram: false
            includeQuery: true
            includeResultSet: true
            subjectTemplate: 'Search Alert: {{TriggerCondition}} found for {{SearchName}}'
            toLists:
              - will@acme.com
        parseableTimeRange:
          beginBoundedTimeRange:
            from:
              relativeTimeRange:
                relativeTime: -15m
        scheduleType: 1Week
        threshold:
          count: 10
          operator: gt
          thresholdType: group
        timeZone: America/Los_Angeles
        parameters:
          - name: param1
            value: '*'
          - name: param2
            value: '*'
variables:
  personalFolder:
    fn::invoke:
      function: sumologic:getPersonalFolder
      arguments: {}

Attributes reference

In addition to all arguments above, the following attributes are exported:

id - The ID of the log search.

Create LogSearch Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new LogSearch(name: string, args: LogSearchArgs, opts?: CustomResourceOptions);

@overload
def LogSearch(resource_name: str,
              args: LogSearchArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def LogSearch(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              parent_id: Optional[str] = None,
              query_string: Optional[str] = None,
              time_range: Optional[LogSearchTimeRangeArgs] = None,
              description: Optional[str] = None,
              name: Optional[str] = None,
              parsing_mode: Optional[str] = None,
              query_parameters: Optional[Sequence[LogSearchQueryParameterArgs]] = None,
              run_by_receipt_time: Optional[bool] = None,
              schedule: Optional[LogSearchScheduleArgs] = None)

func NewLogSearch(ctx *Context, name string, args LogSearchArgs, opts ...ResourceOption) (*LogSearch, error)

public LogSearch(string name, LogSearchArgs args, CustomResourceOptions? opts = null)

public LogSearch(String name, LogSearchArgs args)
public LogSearch(String name, LogSearchArgs args, CustomResourceOptions options)

type: sumologic:LogSearch
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LogSearchArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LogSearchArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LogSearchArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LogSearchArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LogSearchArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var logSearchResource = new SumoLogic.LogSearch("logSearchResource", new()
{
    ParentId = "string",
    QueryString = "string",
    TimeRange = new SumoLogic.Inputs.LogSearchTimeRangeArgs
    {
        BeginBoundedTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeArgs
        {
            From = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromArgs
            {
                EpochTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs
                {
                    EpochMillis = 0,
                },
                Iso8601TimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs
                {
                    Iso8601Time = "string",
                },
                LiteralTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs
                {
                    RangeName = "string",
                },
                RelativeTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs
                {
                    RelativeTime = "string",
                },
            },
            To = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToArgs
            {
                EpochTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs
                {
                    EpochMillis = 0,
                },
                Iso8601TimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs
                {
                    Iso8601Time = "string",
                },
                LiteralTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs
                {
                    RangeName = "string",
                },
                RelativeTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs
                {
                    RelativeTime = "string",
                },
            },
        },
        CompleteLiteralTimeRange = new SumoLogic.Inputs.LogSearchTimeRangeCompleteLiteralTimeRangeArgs
        {
            RangeName = "string",
        },
    },
    Description = "string",
    Name = "string",
    ParsingMode = "string",
    QueryParameters = new[]
    {
        new SumoLogic.Inputs.LogSearchQueryParameterArgs
        {
            DataType = "string",
            Name = "string",
            Value = "string",
            Description = "string",
        },
    },
    RunByReceiptTime = false,
    Schedule = new SumoLogic.Inputs.LogSearchScheduleArgs
    {
        Notification = new SumoLogic.Inputs.LogSearchScheduleNotificationArgs
        {
            AlertSearchNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationAlertSearchNotificationArgs
            {
                SourceId = "string",
            },
            CseSignalNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationCseSignalNotificationArgs
            {
                RecordType = "string",
            },
            EmailSearchNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationEmailSearchNotificationArgs
            {
                ToLists = new[]
                {
                    "string",
                },
                IncludeCsvAttachment = false,
                IncludeHistogram = false,
                IncludeQuery = false,
                IncludeResultSet = false,
                SubjectTemplate = "string",
            },
            SaveToLookupNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationSaveToLookupNotificationArgs
            {
                IsLookupMergeOperation = false,
                LookupFilePath = "string",
            },
            SaveToViewNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationSaveToViewNotificationArgs
            {
                ViewName = "string",
            },
            ServiceNowSearchNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationServiceNowSearchNotificationArgs
            {
                ExternalId = "string",
                Fields = new SumoLogic.Inputs.LogSearchScheduleNotificationServiceNowSearchNotificationFieldsArgs
                {
                    EventType = "string",
                    Node = "string",
                    Resource = "string",
                    Severity = 0,
                },
            },
            WebhookSearchNotification = new SumoLogic.Inputs.LogSearchScheduleNotificationWebhookSearchNotificationArgs
            {
                WebhookId = "string",
                ItemizeAlerts = false,
                MaxItemizedAlerts = 0,
                Payload = "string",
            },
        },
        ParseableTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeArgs
        {
            BeginBoundedTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs
            {
                From = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs
                {
                    EpochTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs
                    {
                        EpochMillis = 0,
                    },
                    Iso8601TimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs
                    {
                        Iso8601Time = "string",
                    },
                    LiteralTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs
                    {
                        RangeName = "string",
                    },
                    RelativeTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs
                    {
                        RelativeTime = "string",
                    },
                },
                To = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToArgs
                {
                    EpochTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs
                    {
                        EpochMillis = 0,
                    },
                    Iso8601TimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs
                    {
                        Iso8601Time = "string",
                    },
                    LiteralTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs
                    {
                        RangeName = "string",
                    },
                    RelativeTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs
                    {
                        RelativeTime = "string",
                    },
                },
            },
            CompleteLiteralTimeRange = new SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRangeArgs
            {
                RangeName = "string",
            },
        },
        ScheduleType = "string",
        TimeZone = "string",
        CronExpression = "string",
        MuteErrorEmails = false,
        Parameters = new[]
        {
            new SumoLogic.Inputs.LogSearchScheduleParameterArgs
            {
                Name = "string",
                Value = "string",
            },
        },
        Threshold = new SumoLogic.Inputs.LogSearchScheduleThresholdArgs
        {
            Count = 0,
            Operator = "string",
            ThresholdType = "string",
        },
    },
});

example, err := sumologic.NewLogSearch(ctx, "logSearchResource", &sumologic.LogSearchArgs{
	ParentId:    pulumi.String("string"),
	QueryString: pulumi.String("string"),
	TimeRange: &sumologic.LogSearchTimeRangeArgs{
		BeginBoundedTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeArgs{
			From: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromArgs{
				EpochTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs{
					EpochMillis: pulumi.Int(0),
				},
				Iso8601TimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs{
					Iso8601Time: pulumi.String("string"),
				},
				LiteralTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs{
					RangeName: pulumi.String("string"),
				},
				RelativeTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs{
					RelativeTime: pulumi.String("string"),
				},
			},
			To: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeToArgs{
				EpochTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs{
					EpochMillis: pulumi.Int(0),
				},
				Iso8601TimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs{
					Iso8601Time: pulumi.String("string"),
				},
				LiteralTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs{
					RangeName: pulumi.String("string"),
				},
				RelativeTimeRange: &sumologic.LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs{
					RelativeTime: pulumi.String("string"),
				},
			},
		},
		CompleteLiteralTimeRange: &sumologic.LogSearchTimeRangeCompleteLiteralTimeRangeArgs{
			RangeName: pulumi.String("string"),
		},
	},
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	ParsingMode: pulumi.String("string"),
	QueryParameters: sumologic.LogSearchQueryParameterArray{
		&sumologic.LogSearchQueryParameterArgs{
			DataType:    pulumi.String("string"),
			Name:        pulumi.String("string"),
			Value:       pulumi.String("string"),
			Description: pulumi.String("string"),
		},
	},
	RunByReceiptTime: pulumi.Bool(false),
	Schedule: &sumologic.LogSearchScheduleArgs{
		Notification: &sumologic.LogSearchScheduleNotificationArgs{
			AlertSearchNotification: &sumologic.LogSearchScheduleNotificationAlertSearchNotificationArgs{
				SourceId: pulumi.String("string"),
			},
			CseSignalNotification: &sumologic.LogSearchScheduleNotificationCseSignalNotificationArgs{
				RecordType: pulumi.String("string"),
			},
			EmailSearchNotification: &sumologic.LogSearchScheduleNotificationEmailSearchNotificationArgs{
				ToLists: pulumi.StringArray{
					pulumi.String("string"),
				},
				IncludeCsvAttachment: pulumi.Bool(false),
				IncludeHistogram:     pulumi.Bool(false),
				IncludeQuery:         pulumi.Bool(false),
				IncludeResultSet:     pulumi.Bool(false),
				SubjectTemplate:      pulumi.String("string"),
			},
			SaveToLookupNotification: &sumologic.LogSearchScheduleNotificationSaveToLookupNotificationArgs{
				IsLookupMergeOperation: pulumi.Bool(false),
				LookupFilePath:         pulumi.String("string"),
			},
			SaveToViewNotification: &sumologic.LogSearchScheduleNotificationSaveToViewNotificationArgs{
				ViewName: pulumi.String("string"),
			},
			ServiceNowSearchNotification: &sumologic.LogSearchScheduleNotificationServiceNowSearchNotificationArgs{
				ExternalId: pulumi.String("string"),
				Fields: &sumologic.LogSearchScheduleNotificationServiceNowSearchNotificationFieldsArgs{
					EventType: pulumi.String("string"),
					Node:      pulumi.String("string"),
					Resource:  pulumi.String("string"),
					Severity:  pulumi.Int(0),
				},
			},
			WebhookSearchNotification: &sumologic.LogSearchScheduleNotificationWebhookSearchNotificationArgs{
				WebhookId:         pulumi.String("string"),
				ItemizeAlerts:     pulumi.Bool(false),
				MaxItemizedAlerts: pulumi.Int(0),
				Payload:           pulumi.String("string"),
			},
		},
		ParseableTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeArgs{
			BeginBoundedTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs{
				From: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs{
					EpochTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs{
						EpochMillis: pulumi.Int(0),
					},
					Iso8601TimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs{
						Iso8601Time: pulumi.String("string"),
					},
					LiteralTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs{
						RangeName: pulumi.String("string"),
					},
					RelativeTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs{
						RelativeTime: pulumi.String("string"),
					},
				},
				To: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToArgs{
					EpochTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs{
						EpochMillis: pulumi.Int(0),
					},
					Iso8601TimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs{
						Iso8601Time: pulumi.String("string"),
					},
					LiteralTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs{
						RangeName: pulumi.String("string"),
					},
					RelativeTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs{
						RelativeTime: pulumi.String("string"),
					},
				},
			},
			CompleteLiteralTimeRange: &sumologic.LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRangeArgs{
				RangeName: pulumi.String("string"),
			},
		},
		ScheduleType:    pulumi.String("string"),
		TimeZone:        pulumi.String("string"),
		CronExpression:  pulumi.String("string"),
		MuteErrorEmails: pulumi.Bool(false),
		Parameters: sumologic.LogSearchScheduleParameterArray{
			&sumologic.LogSearchScheduleParameterArgs{
				Name:  pulumi.String("string"),
				Value: pulumi.String("string"),
			},
		},
		Threshold: &sumologic.LogSearchScheduleThresholdArgs{
			Count:         pulumi.Int(0),
			Operator:      pulumi.String("string"),
			ThresholdType: pulumi.String("string"),
		},
	},
})

var logSearchResource = new LogSearch("logSearchResource", LogSearchArgs.builder()
    .parentId("string")
    .queryString("string")
    .timeRange(LogSearchTimeRangeArgs.builder()
        .beginBoundedTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeArgs.builder()
            .from(LogSearchTimeRangeBeginBoundedTimeRangeFromArgs.builder()
                .epochTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs.builder()
                    .epochMillis(0)
                    .build())
                .iso8601TimeRange(LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs.builder()
                    .iso8601Time("string")
                    .build())
                .literalTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs.builder()
                    .rangeName("string")
                    .build())
                .relativeTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs.builder()
                    .relativeTime("string")
                    .build())
                .build())
            .to(LogSearchTimeRangeBeginBoundedTimeRangeToArgs.builder()
                .epochTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs.builder()
                    .epochMillis(0)
                    .build())
                .iso8601TimeRange(LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs.builder()
                    .iso8601Time("string")
                    .build())
                .literalTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs.builder()
                    .rangeName("string")
                    .build())
                .relativeTimeRange(LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs.builder()
                    .relativeTime("string")
                    .build())
                .build())
            .build())
        .completeLiteralTimeRange(LogSearchTimeRangeCompleteLiteralTimeRangeArgs.builder()
            .rangeName("string")
            .build())
        .build())
    .description("string")
    .name("string")
    .parsingMode("string")
    .queryParameters(LogSearchQueryParameterArgs.builder()
        .dataType("string")
        .name("string")
        .value("string")
        .description("string")
        .build())
    .runByReceiptTime(false)
    .schedule(LogSearchScheduleArgs.builder()
        .notification(LogSearchScheduleNotificationArgs.builder()
            .alertSearchNotification(LogSearchScheduleNotificationAlertSearchNotificationArgs.builder()
                .sourceId("string")
                .build())
            .cseSignalNotification(LogSearchScheduleNotificationCseSignalNotificationArgs.builder()
                .recordType("string")
                .build())
            .emailSearchNotification(LogSearchScheduleNotificationEmailSearchNotificationArgs.builder()
                .toLists("string")
                .includeCsvAttachment(false)
                .includeHistogram(false)
                .includeQuery(false)
                .includeResultSet(false)
                .subjectTemplate("string")
                .build())
            .saveToLookupNotification(LogSearchScheduleNotificationSaveToLookupNotificationArgs.builder()
                .isLookupMergeOperation(false)
                .lookupFilePath("string")
                .build())
            .saveToViewNotification(LogSearchScheduleNotificationSaveToViewNotificationArgs.builder()
                .viewName("string")
                .build())
            .serviceNowSearchNotification(LogSearchScheduleNotificationServiceNowSearchNotificationArgs.builder()
                .externalId("string")
                .fields(LogSearchScheduleNotificationServiceNowSearchNotificationFieldsArgs.builder()
                    .eventType("string")
                    .node("string")
                    .resource("string")
                    .severity(0)
                    .build())
                .build())
            .webhookSearchNotification(LogSearchScheduleNotificationWebhookSearchNotificationArgs.builder()
                .webhookId("string")
                .itemizeAlerts(false)
                .maxItemizedAlerts(0)
                .payload("string")
                .build())
            .build())
        .parseableTimeRange(LogSearchScheduleParseableTimeRangeArgs.builder()
            .beginBoundedTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs.builder()
                .from(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs.builder()
                    .epochTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs.builder()
                        .epochMillis(0)
                        .build())
                    .iso8601TimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs.builder()
                        .iso8601Time("string")
                        .build())
                    .literalTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs.builder()
                        .rangeName("string")
                        .build())
                    .relativeTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs.builder()
                        .relativeTime("string")
                        .build())
                    .build())
                .to(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToArgs.builder()
                    .epochTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs.builder()
                        .epochMillis(0)
                        .build())
                    .iso8601TimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs.builder()
                        .iso8601Time("string")
                        .build())
                    .literalTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs.builder()
                        .rangeName("string")
                        .build())
                    .relativeTimeRange(LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs.builder()
                        .relativeTime("string")
                        .build())
                    .build())
                .build())
            .completeLiteralTimeRange(LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRangeArgs.builder()
                .rangeName("string")
                .build())
            .build())
        .scheduleType("string")
        .timeZone("string")
        .cronExpression("string")
        .muteErrorEmails(false)
        .parameters(LogSearchScheduleParameterArgs.builder()
            .name("string")
            .value("string")
            .build())
        .threshold(LogSearchScheduleThresholdArgs.builder()
            .count(0)
            .operator("string")
            .thresholdType("string")
            .build())
        .build())
    .build());

log_search_resource = sumologic.LogSearch("logSearchResource",
    parent_id="string",
    query_string="string",
    time_range={
        "begin_bounded_time_range": {
            "from_": {
                "epoch_time_range": {
                    "epoch_millis": 0,
                },
                "iso8601_time_range": {
                    "iso8601_time": "string",
                },
                "literal_time_range": {
                    "range_name": "string",
                },
                "relative_time_range": {
                    "relative_time": "string",
                },
            },
            "to": {
                "epoch_time_range": {
                    "epoch_millis": 0,
                },
                "iso8601_time_range": {
                    "iso8601_time": "string",
                },
                "literal_time_range": {
                    "range_name": "string",
                },
                "relative_time_range": {
                    "relative_time": "string",
                },
            },
        },
        "complete_literal_time_range": {
            "range_name": "string",
        },
    },
    description="string",
    name="string",
    parsing_mode="string",
    query_parameters=[{
        "data_type": "string",
        "name": "string",
        "value": "string",
        "description": "string",
    }],
    run_by_receipt_time=False,
    schedule={
        "notification": {
            "alert_search_notification": {
                "source_id": "string",
            },
            "cse_signal_notification": {
                "record_type": "string",
            },
            "email_search_notification": {
                "to_lists": ["string"],
                "include_csv_attachment": False,
                "include_histogram": False,
                "include_query": False,
                "include_result_set": False,
                "subject_template": "string",
            },
            "save_to_lookup_notification": {
                "is_lookup_merge_operation": False,
                "lookup_file_path": "string",
            },
            "save_to_view_notification": {
                "view_name": "string",
            },
            "service_now_search_notification": {
                "external_id": "string",
                "fields": {
                    "event_type": "string",
                    "node": "string",
                    "resource": "string",
                    "severity": 0,
                },
            },
            "webhook_search_notification": {
                "webhook_id": "string",
                "itemize_alerts": False,
                "max_itemized_alerts": 0,
                "payload": "string",
            },
        },
        "parseable_time_range": {
            "begin_bounded_time_range": {
                "from_": {
                    "epoch_time_range": {
                        "epoch_millis": 0,
                    },
                    "iso8601_time_range": {
                        "iso8601_time": "string",
                    },
                    "literal_time_range": {
                        "range_name": "string",
                    },
                    "relative_time_range": {
                        "relative_time": "string",
                    },
                },
                "to": {
                    "epoch_time_range": {
                        "epoch_millis": 0,
                    },
                    "iso8601_time_range": {
                        "iso8601_time": "string",
                    },
                    "literal_time_range": {
                        "range_name": "string",
                    },
                    "relative_time_range": {
                        "relative_time": "string",
                    },
                },
            },
            "complete_literal_time_range": {
                "range_name": "string",
            },
        },
        "schedule_type": "string",
        "time_zone": "string",
        "cron_expression": "string",
        "mute_error_emails": False,
        "parameters": [{
            "name": "string",
            "value": "string",
        }],
        "threshold": {
            "count": 0,
            "operator": "string",
            "threshold_type": "string",
        },
    })

const logSearchResource = new sumologic.LogSearch("logSearchResource", {
    parentId: "string",
    queryString: "string",
    timeRange: {
        beginBoundedTimeRange: {
            from: {
                epochTimeRange: {
                    epochMillis: 0,
                },
                iso8601TimeRange: {
                    iso8601Time: "string",
                },
                literalTimeRange: {
                    rangeName: "string",
                },
                relativeTimeRange: {
                    relativeTime: "string",
                },
            },
            to: {
                epochTimeRange: {
                    epochMillis: 0,
                },
                iso8601TimeRange: {
                    iso8601Time: "string",
                },
                literalTimeRange: {
                    rangeName: "string",
                },
                relativeTimeRange: {
                    relativeTime: "string",
                },
            },
        },
        completeLiteralTimeRange: {
            rangeName: "string",
        },
    },
    description: "string",
    name: "string",
    parsingMode: "string",
    queryParameters: [{
        dataType: "string",
        name: "string",
        value: "string",
        description: "string",
    }],
    runByReceiptTime: false,
    schedule: {
        notification: {
            alertSearchNotification: {
                sourceId: "string",
            },
            cseSignalNotification: {
                recordType: "string",
            },
            emailSearchNotification: {
                toLists: ["string"],
                includeCsvAttachment: false,
                includeHistogram: false,
                includeQuery: false,
                includeResultSet: false,
                subjectTemplate: "string",
            },
            saveToLookupNotification: {
                isLookupMergeOperation: false,
                lookupFilePath: "string",
            },
            saveToViewNotification: {
                viewName: "string",
            },
            serviceNowSearchNotification: {
                externalId: "string",
                fields: {
                    eventType: "string",
                    node: "string",
                    resource: "string",
                    severity: 0,
                },
            },
            webhookSearchNotification: {
                webhookId: "string",
                itemizeAlerts: false,
                maxItemizedAlerts: 0,
                payload: "string",
            },
        },
        parseableTimeRange: {
            beginBoundedTimeRange: {
                from: {
                    epochTimeRange: {
                        epochMillis: 0,
                    },
                    iso8601TimeRange: {
                        iso8601Time: "string",
                    },
                    literalTimeRange: {
                        rangeName: "string",
                    },
                    relativeTimeRange: {
                        relativeTime: "string",
                    },
                },
                to: {
                    epochTimeRange: {
                        epochMillis: 0,
                    },
                    iso8601TimeRange: {
                        iso8601Time: "string",
                    },
                    literalTimeRange: {
                        rangeName: "string",
                    },
                    relativeTimeRange: {
                        relativeTime: "string",
                    },
                },
            },
            completeLiteralTimeRange: {
                rangeName: "string",
            },
        },
        scheduleType: "string",
        timeZone: "string",
        cronExpression: "string",
        muteErrorEmails: false,
        parameters: [{
            name: "string",
            value: "string",
        }],
        threshold: {
            count: 0,
            operator: "string",
            thresholdType: "string",
        },
    },
});

type: sumologic:LogSearch
properties:
    description: string
    name: string
    parentId: string
    parsingMode: string
    queryParameters:
        - dataType: string
          description: string
          name: string
          value: string
    queryString: string
    runByReceiptTime: false
    schedule:
        cronExpression: string
        muteErrorEmails: false
        notification:
            alertSearchNotification:
                sourceId: string
            cseSignalNotification:
                recordType: string
            emailSearchNotification:
                includeCsvAttachment: false
                includeHistogram: false
                includeQuery: false
                includeResultSet: false
                subjectTemplate: string
                toLists:
                    - string
            saveToLookupNotification:
                isLookupMergeOperation: false
                lookupFilePath: string
            saveToViewNotification:
                viewName: string
            serviceNowSearchNotification:
                externalId: string
                fields:
                    eventType: string
                    node: string
                    resource: string
                    severity: 0
            webhookSearchNotification:
                itemizeAlerts: false
                maxItemizedAlerts: 0
                payload: string
                webhookId: string
        parameters:
            - name: string
              value: string
        parseableTimeRange:
            beginBoundedTimeRange:
                from:
                    epochTimeRange:
                        epochMillis: 0
                    iso8601TimeRange:
                        iso8601Time: string
                    literalTimeRange:
                        rangeName: string
                    relativeTimeRange:
                        relativeTime: string
                to:
                    epochTimeRange:
                        epochMillis: 0
                    iso8601TimeRange:
                        iso8601Time: string
                    literalTimeRange:
                        rangeName: string
                    relativeTimeRange:
                        relativeTime: string
            completeLiteralTimeRange:
                rangeName: string
        scheduleType: string
        threshold:
            count: 0
            operator: string
            thresholdType: string
        timeZone: string
    timeRange:
        beginBoundedTimeRange:
            from:
                epochTimeRange:
                    epochMillis: 0
                iso8601TimeRange:
                    iso8601Time: string
                literalTimeRange:
                    rangeName: string
                relativeTimeRange:
                    relativeTime: string
            to:
                epochTimeRange:
                    epochMillis: 0
                iso8601TimeRange:
                    iso8601Time: string
                literalTimeRange:
                    rangeName: string
                relativeTimeRange:
                    relativeTime: string
        completeLiteralTimeRange:
            rangeName: string

LogSearch Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LogSearch resource accepts the following input properties:

ParentId string

The identifier of the folder to create the log search in.

QueryString string

Log query to perform.

TimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRange

Time range of the log search. See time range schema

Description string

Description of the search.

Name string

Name of the search.

ParsingMode string

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

In AutoParse mode, the system automatically figures out fields to parse based on the search query. While in the Manual mode, no fields are parsed out automatically. For more information see Dynamic Parsing.

QueryParameters List<Pulumi.SumoLogic.Inputs.LogSearchQueryParameter>

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

RunByReceiptTime bool

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

Schedule Pulumi.SumoLogic.Inputs.LogSearchSchedule

Schedule of the log search. See schedule schema

ParentId string

The identifier of the folder to create the log search in.

QueryString string

Log query to perform.

TimeRange LogSearchTimeRangeArgs

Time range of the log search. See time range schema

Description string

Description of the search.

Name string

Name of the search.

ParsingMode string

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

QueryParameters []LogSearchQueryParameterArgs

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

RunByReceiptTime bool

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

Schedule LogSearchScheduleArgs

Schedule of the log search. See schedule schema

parentId String

The identifier of the folder to create the log search in.

queryString String

Log query to perform.

timeRange LogSearchTimeRange

Time range of the log search. See time range schema

description String

Description of the search.

name String

Name of the search.

parsingMode String

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

queryParameters List<LogSearchQueryParameter>

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

runByReceiptTime Boolean

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule LogSearchSchedule

Schedule of the log search. See schedule schema

parentId string

The identifier of the folder to create the log search in.

queryString string

Log query to perform.

timeRange LogSearchTimeRange

Time range of the log search. See time range schema

description string

Description of the search.

name string

Name of the search.

parsingMode string

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

queryParameters LogSearchQueryParameter[]

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

runByReceiptTime boolean

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule LogSearchSchedule

Schedule of the log search. See schedule schema

parent_id str

The identifier of the folder to create the log search in.

query_string str

Log query to perform.

time_range LogSearchTimeRangeArgs

Time range of the log search. See time range schema

description str

Description of the search.

name str

Name of the search.

parsing_mode str

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

query_parameters Sequence[LogSearchQueryParameterArgs]

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

run_by_receipt_time bool

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule LogSearchScheduleArgs

Schedule of the log search. See schedule schema

parentId String

The identifier of the folder to create the log search in.

queryString String

Log query to perform.

timeRange Property Map

Time range of the log search. See time range schema

description String

Description of the search.

name String

Name of the search.

parsingMode String

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

queryParameters List<Property Map>

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

runByReceiptTime Boolean

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule Property Map

Schedule of the log search. See schedule schema

Outputs

All input properties are implicitly available as output properties. Additionally, the LogSearch resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing LogSearch Resource

Get an existing LogSearch resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: LogSearchState, opts?: CustomResourceOptions): LogSearch

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        name: Optional[str] = None,
        parent_id: Optional[str] = None,
        parsing_mode: Optional[str] = None,
        query_parameters: Optional[Sequence[LogSearchQueryParameterArgs]] = None,
        query_string: Optional[str] = None,
        run_by_receipt_time: Optional[bool] = None,
        schedule: Optional[LogSearchScheduleArgs] = None,
        time_range: Optional[LogSearchTimeRangeArgs] = None) -> LogSearch

func GetLogSearch(ctx *Context, name string, id IDInput, state *LogSearchState, opts ...ResourceOption) (*LogSearch, error)

public static LogSearch Get(string name, Input<string> id, LogSearchState? state, CustomResourceOptions? opts = null)

public static LogSearch get(String name, Output<String> id, LogSearchState state, CustomResourceOptions options)

resources:  _:    type: sumologic:LogSearch    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string

Description of the search.

Name string

Name of the search.

ParentId string

The identifier of the folder to create the log search in.

ParsingMode string

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

QueryParameters List<Pulumi.SumoLogic.Inputs.LogSearchQueryParameter>

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

QueryString string

Log query to perform.

RunByReceiptTime bool

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

Schedule Pulumi.SumoLogic.Inputs.LogSearchSchedule

Schedule of the log search. See schedule schema

TimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRange

Time range of the log search. See time range schema

Description string

Description of the search.

Name string

Name of the search.

ParentId string

The identifier of the folder to create the log search in.

ParsingMode string

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

QueryParameters []LogSearchQueryParameterArgs

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

QueryString string

Log query to perform.

RunByReceiptTime bool

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

Schedule LogSearchScheduleArgs

Schedule of the log search. See schedule schema

TimeRange LogSearchTimeRangeArgs

Time range of the log search. See time range schema

description String

Description of the search.

name String

Name of the search.

parentId String

The identifier of the folder to create the log search in.

parsingMode String

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

queryParameters List<LogSearchQueryParameter>

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

queryString String

Log query to perform.

runByReceiptTime Boolean

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule LogSearchSchedule

Schedule of the log search. See schedule schema

timeRange LogSearchTimeRange

Time range of the log search. See time range schema

description string

Description of the search.

name string

Name of the search.

parentId string

The identifier of the folder to create the log search in.

parsingMode string

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

queryParameters LogSearchQueryParameter[]

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

queryString string

Log query to perform.

runByReceiptTime boolean

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule LogSearchSchedule

Schedule of the log search. See schedule schema

timeRange LogSearchTimeRange

Time range of the log search. See time range schema

description str

Description of the search.

name str

Name of the search.

parent_id str

The identifier of the folder to create the log search in.

parsing_mode str

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

query_parameters Sequence[LogSearchQueryParameterArgs]

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

query_string str

Log query to perform.

run_by_receipt_time bool

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule LogSearchScheduleArgs

Schedule of the log search. See schedule schema

time_range LogSearchTimeRangeArgs

Time range of the log search. See time range schema

description String

Description of the search.

name String

Name of the search.

parentId String

The identifier of the folder to create the log search in.

parsingMode String

Define the parsing mode to scan the JSON format log messages. Possible values are: AutoParse and Manual. Default value is Manual.

queryParameters List<Property Map>

Up to 10 query_parameter blocks can be added one for each parameter in the query_string. See query parameter schema.

queryString String

Log query to perform.

runByReceiptTime Boolean

This has the value true if the search is to be run by receipt time and false if it is to be run by message time. Default value is false.

schedule Property Map

Schedule of the log search. See schedule schema

timeRange Property Map

Time range of the log search. See time range schema

Supporting Types

LogSearchQueryParameter
, LogSearchQueryParameterArgs

DataType string

The data type of the parameter. Supported values are:

NUMBER
STRING
ANY
KEYWORD

Name string

Name of the search.

Value string

Default value of scheduled search parameter.

Description string

Description of the search.

DataType string

The data type of the parameter. Supported values are:

NUMBER
STRING
ANY
KEYWORD

Name string

Name of the search.

Value string

Default value of scheduled search parameter.

Description string

Description of the search.

dataType String

The data type of the parameter. Supported values are:

NUMBER
STRING
ANY
KEYWORD

name String

Name of the search.

value String

Default value of scheduled search parameter.

description String

Description of the search.

dataType string

The data type of the parameter. Supported values are:

NUMBER
STRING
ANY
KEYWORD

name string

Name of the search.

value string

Default value of scheduled search parameter.

description string

Description of the search.

data_type str

The data type of the parameter. Supported values are:

NUMBER
STRING
ANY
KEYWORD

name str

Name of the search.

value str

Default value of scheduled search parameter.

description str

Description of the search.

dataType String

The data type of the parameter. Supported values are:

NUMBER
STRING
ANY
KEYWORD

name String

Name of the search.

value String

Default value of scheduled search parameter.

description String

Description of the search.

LogSearchSchedule
, LogSearchScheduleArgs

Notification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotification: Notification of the log search. See notification schema
ParseableTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRange: Time range of the scheduled log search. See time range schema
ScheduleType string: Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression. Possible schedule types are: 15Minutes, 1Hour, 2Hours, 4Hours, 6Hours, 8Hours, 12Hours, 1Day, 1Week, Custom.
With Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. E.g. valid cron for 1Day is 0 0 16 ? * 2-6 *.
TimeZone string: Time zone for the scheduled log search. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used.
CronExpression string: Cron-like expression specifying the search's schedule. schedule_type must be set to "Custom", otherwise, schedule_type takes precedence over cron_expression.
MuteErrorEmails bool: If enabled, emails are not sent out in case of errors with the search.
Parameters List<Pulumi.SumoLogic.Inputs.LogSearchScheduleParameter>
Threshold Pulumi.SumoLogic.Inputs.LogSearchScheduleThreshold: Threshold for when to send notification. See threshold schema

Notification LogSearchScheduleNotification: Notification of the log search. See notification schema
ParseableTimeRange LogSearchScheduleParseableTimeRange: Time range of the scheduled log search. See time range schema
ScheduleType string: Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression. Possible schedule types are: 15Minutes, 1Hour, 2Hours, 4Hours, 6Hours, 8Hours, 12Hours, 1Day, 1Week, Custom.
With Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. E.g. valid cron for 1Day is 0 0 16 ? * 2-6 *.
TimeZone string: Time zone for the scheduled log search. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used.
CronExpression string: Cron-like expression specifying the search's schedule. schedule_type must be set to "Custom", otherwise, schedule_type takes precedence over cron_expression.
MuteErrorEmails bool: If enabled, emails are not sent out in case of errors with the search.
Parameters []LogSearchScheduleParameter
Threshold LogSearchScheduleThreshold: Threshold for when to send notification. See threshold schema

notification LogSearchScheduleNotification: Notification of the log search. See notification schema
parseableTimeRange LogSearchScheduleParseableTimeRange: Time range of the scheduled log search. See time range schema
scheduleType String: Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression. Possible schedule types are: 15Minutes, 1Hour, 2Hours, 4Hours, 6Hours, 8Hours, 12Hours, 1Day, 1Week, Custom.
With Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. E.g. valid cron for 1Day is 0 0 16 ? * 2-6 *.
timeZone String: Time zone for the scheduled log search. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used.
cronExpression String: Cron-like expression specifying the search's schedule. schedule_type must be set to "Custom", otherwise, schedule_type takes precedence over cron_expression.
muteErrorEmails Boolean: If enabled, emails are not sent out in case of errors with the search.
parameters List<LogSearchScheduleParameter>
threshold LogSearchScheduleThreshold: Threshold for when to send notification. See threshold schema

notification LogSearchScheduleNotification: Notification of the log search. See notification schema
parseableTimeRange LogSearchScheduleParseableTimeRange: Time range of the scheduled log search. See time range schema
scheduleType string: Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression. Possible schedule types are: 15Minutes, 1Hour, 2Hours, 4Hours, 6Hours, 8Hours, 12Hours, 1Day, 1Week, Custom.
With Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. E.g. valid cron for 1Day is 0 0 16 ? * 2-6 *.
timeZone string: Time zone for the scheduled log search. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used.
cronExpression string: Cron-like expression specifying the search's schedule. schedule_type must be set to "Custom", otherwise, schedule_type takes precedence over cron_expression.
muteErrorEmails boolean: If enabled, emails are not sent out in case of errors with the search.
parameters LogSearchScheduleParameter[]
threshold LogSearchScheduleThreshold: Threshold for when to send notification. See threshold schema

notification LogSearchScheduleNotification: Notification of the log search. See notification schema
parseable_time_range LogSearchScheduleParseableTimeRange: Time range of the scheduled log search. See time range schema
schedule_type str: Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression. Possible schedule types are: 15Minutes, 1Hour, 2Hours, 4Hours, 6Hours, 8Hours, 12Hours, 1Day, 1Week, Custom.
With Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. E.g. valid cron for 1Day is 0 0 16 ? * 2-6 *.
time_zone str: Time zone for the scheduled log search. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used.
cron_expression str: Cron-like expression specifying the search's schedule. schedule_type must be set to "Custom", otherwise, schedule_type takes precedence over cron_expression.
mute_error_emails bool: If enabled, emails are not sent out in case of errors with the search.
parameters Sequence[LogSearchScheduleParameter]
threshold LogSearchScheduleThreshold: Threshold for when to send notification. See threshold schema

notification Property Map: Notification of the log search. See notification schema
parseableTimeRange Property Map: Time range of the scheduled log search. See time range schema
scheduleType String: Run schedule of the scheduled search. Set to "Custom" to specify the schedule with a CRON expression. Possible schedule types are: 15Minutes, 1Hour, 2Hours, 4Hours, 6Hours, 8Hours, 12Hours, 1Day, 1Week, Custom.
With Custom, 1Day and 1Week schedule types you need to provide the corresponding cron expression to determine when to actually run the search. E.g. valid cron for 1Day is 0 0 16 ? * 2-6 *.
timeZone String: Time zone for the scheduled log search. Either an abbreviation such as "PST", a full name such as "America/Los_Angeles", or a custom ID such as "GMT-8:00". Note that the support of abbreviations is for JDK 1.1.x compatibility only and full names should be used.
cronExpression String: Cron-like expression specifying the search's schedule. schedule_type must be set to "Custom", otherwise, schedule_type takes precedence over cron_expression.
muteErrorEmails Boolean: If enabled, emails are not sent out in case of errors with the search.
parameters List<Property Map>
threshold Property Map: Threshold for when to send notification. See threshold schema

LogSearchScheduleNotification
, LogSearchScheduleNotificationArgs

AlertSearchNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationAlertSearchNotification: Run an script action. See alert_search_notification schema for details.
CseSignalNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationCseSignalNotification: Create a CSE signal with a scheduled search. See cse_signal_notification schema schema for details.
EmailSearchNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationEmailSearchNotification: Send an alert via email. See email_search_notification schema schema for details.
SaveToLookupNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationSaveToLookupNotification: Save results to a Lookup Table. See save_to_lookup_notification schema schema for details.
SaveToViewNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationSaveToViewNotification: Save results to an index. See save_to_view_notification schema schema for details.
ServiceNowSearchNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationServiceNowSearchNotification: Send results to Service Now. See service_now_search_notification schema schema for details.
WebhookSearchNotification Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationWebhookSearchNotification: Send an alert via Webhook. See webhook_search_notification schema schema for details.

AlertSearchNotification LogSearchScheduleNotificationAlertSearchNotification: Run an script action. See alert_search_notification schema for details.
CseSignalNotification LogSearchScheduleNotificationCseSignalNotification: Create a CSE signal with a scheduled search. See cse_signal_notification schema schema for details.
EmailSearchNotification LogSearchScheduleNotificationEmailSearchNotification: Send an alert via email. See email_search_notification schema schema for details.
SaveToLookupNotification LogSearchScheduleNotificationSaveToLookupNotification: Save results to a Lookup Table. See save_to_lookup_notification schema schema for details.
SaveToViewNotification LogSearchScheduleNotificationSaveToViewNotification: Save results to an index. See save_to_view_notification schema schema for details.
ServiceNowSearchNotification LogSearchScheduleNotificationServiceNowSearchNotification: Send results to Service Now. See service_now_search_notification schema schema for details.
WebhookSearchNotification LogSearchScheduleNotificationWebhookSearchNotification: Send an alert via Webhook. See webhook_search_notification schema schema for details.

alertSearchNotification LogSearchScheduleNotificationAlertSearchNotification: Run an script action. See alert_search_notification schema for details.
cseSignalNotification LogSearchScheduleNotificationCseSignalNotification: Create a CSE signal with a scheduled search. See cse_signal_notification schema schema for details.
emailSearchNotification LogSearchScheduleNotificationEmailSearchNotification: Send an alert via email. See email_search_notification schema schema for details.
saveToLookupNotification LogSearchScheduleNotificationSaveToLookupNotification: Save results to a Lookup Table. See save_to_lookup_notification schema schema for details.
saveToViewNotification LogSearchScheduleNotificationSaveToViewNotification: Save results to an index. See save_to_view_notification schema schema for details.
serviceNowSearchNotification LogSearchScheduleNotificationServiceNowSearchNotification: Send results to Service Now. See service_now_search_notification schema schema for details.
webhookSearchNotification LogSearchScheduleNotificationWebhookSearchNotification: Send an alert via Webhook. See webhook_search_notification schema schema for details.

alertSearchNotification LogSearchScheduleNotificationAlertSearchNotification: Run an script action. See alert_search_notification schema for details.
cseSignalNotification LogSearchScheduleNotificationCseSignalNotification: Create a CSE signal with a scheduled search. See cse_signal_notification schema schema for details.
emailSearchNotification LogSearchScheduleNotificationEmailSearchNotification: Send an alert via email. See email_search_notification schema schema for details.
saveToLookupNotification LogSearchScheduleNotificationSaveToLookupNotification: Save results to a Lookup Table. See save_to_lookup_notification schema schema for details.
saveToViewNotification LogSearchScheduleNotificationSaveToViewNotification: Save results to an index. See save_to_view_notification schema schema for details.
serviceNowSearchNotification LogSearchScheduleNotificationServiceNowSearchNotification: Send results to Service Now. See service_now_search_notification schema schema for details.
webhookSearchNotification LogSearchScheduleNotificationWebhookSearchNotification: Send an alert via Webhook. See webhook_search_notification schema schema for details.

alert_search_notification LogSearchScheduleNotificationAlertSearchNotification: Run an script action. See alert_search_notification schema for details.
cse_signal_notification LogSearchScheduleNotificationCseSignalNotification: Create a CSE signal with a scheduled search. See cse_signal_notification schema schema for details.
email_search_notification LogSearchScheduleNotificationEmailSearchNotification: Send an alert via email. See email_search_notification schema schema for details.
save_to_lookup_notification LogSearchScheduleNotificationSaveToLookupNotification: Save results to a Lookup Table. See save_to_lookup_notification schema schema for details.
save_to_view_notification LogSearchScheduleNotificationSaveToViewNotification: Save results to an index. See save_to_view_notification schema schema for details.
service_now_search_notification LogSearchScheduleNotificationServiceNowSearchNotification: Send results to Service Now. See service_now_search_notification schema schema for details.
webhook_search_notification LogSearchScheduleNotificationWebhookSearchNotification: Send an alert via Webhook. See webhook_search_notification schema schema for details.

alertSearchNotification Property Map: Run an script action. See alert_search_notification schema for details.
cseSignalNotification Property Map: Create a CSE signal with a scheduled search. See cse_signal_notification schema schema for details.
emailSearchNotification Property Map: Send an alert via email. See email_search_notification schema schema for details.
saveToLookupNotification Property Map: Save results to a Lookup Table. See save_to_lookup_notification schema schema for details.
saveToViewNotification Property Map: Save results to an index. See save_to_view_notification schema schema for details.
serviceNowSearchNotification Property Map: Send results to Service Now. See service_now_search_notification schema schema for details.
webhookSearchNotification Property Map: Send an alert via Webhook. See webhook_search_notification schema schema for details.

LogSearchScheduleNotificationAlertSearchNotification
, LogSearchScheduleNotificationAlertSearchNotificationArgs

SourceId string: Identifier of the collector's source.

SourceId string: Identifier of the collector's source.

sourceId String: Identifier of the collector's source.

sourceId string: Identifier of the collector's source.

source_id str: Identifier of the collector's source.

sourceId String: Identifier of the collector's source.

LogSearchScheduleNotificationCseSignalNotification
, LogSearchScheduleNotificationCseSignalNotificationArgs

RecordType string: Name of the Cloud SIEM Enterprise Record to be created.

RecordType string: Name of the Cloud SIEM Enterprise Record to be created.

recordType String: Name of the Cloud SIEM Enterprise Record to be created.

recordType string: Name of the Cloud SIEM Enterprise Record to be created.

record_type str: Name of the Cloud SIEM Enterprise Record to be created.

recordType String: Name of the Cloud SIEM Enterprise Record to be created.

LogSearchScheduleNotificationEmailSearchNotification
, LogSearchScheduleNotificationEmailSearchNotificationArgs

ToLists List<string>: A list of email recipients.
IncludeCsvAttachment bool: If the search results should be included in the notification email as a CSV attachment.
IncludeHistogram bool: If the search result histogram should be included in the notification email.
IncludeQuery bool: If the search query should be included in the notification email.
IncludeResultSet bool: If the search result set should be included in the notification email.
SubjectTemplate string: Subject of the email. If the notification is scheduled with a threshold, the default subject template will be Search Alert: {{AlertCondition}} results found for {{SearchName}}. For email notifications without a threshold, the default subject template is Search Results: {{SearchName}}.

ToLists []string: A list of email recipients.
IncludeCsvAttachment bool: If the search results should be included in the notification email as a CSV attachment.
IncludeHistogram bool: If the search result histogram should be included in the notification email.
IncludeQuery bool: If the search query should be included in the notification email.
IncludeResultSet bool: If the search result set should be included in the notification email.
SubjectTemplate string: Subject of the email. If the notification is scheduled with a threshold, the default subject template will be Search Alert: {{AlertCondition}} results found for {{SearchName}}. For email notifications without a threshold, the default subject template is Search Results: {{SearchName}}.

toLists List<String>: A list of email recipients.
includeCsvAttachment Boolean: If the search results should be included in the notification email as a CSV attachment.
includeHistogram Boolean: If the search result histogram should be included in the notification email.
includeQuery Boolean: If the search query should be included in the notification email.
includeResultSet Boolean: If the search result set should be included in the notification email.
subjectTemplate String: Subject of the email. If the notification is scheduled with a threshold, the default subject template will be Search Alert: {{AlertCondition}} results found for {{SearchName}}. For email notifications without a threshold, the default subject template is Search Results: {{SearchName}}.

toLists string[]: A list of email recipients.
includeCsvAttachment boolean: If the search results should be included in the notification email as a CSV attachment.
includeHistogram boolean: If the search result histogram should be included in the notification email.
includeQuery boolean: If the search query should be included in the notification email.
includeResultSet boolean: If the search result set should be included in the notification email.
subjectTemplate string: Subject of the email. If the notification is scheduled with a threshold, the default subject template will be Search Alert: {{AlertCondition}} results found for {{SearchName}}. For email notifications without a threshold, the default subject template is Search Results: {{SearchName}}.

to_lists Sequence[str]: A list of email recipients.
include_csv_attachment bool: If the search results should be included in the notification email as a CSV attachment.
include_histogram bool: If the search result histogram should be included in the notification email.
include_query bool: If the search query should be included in the notification email.
include_result_set bool: If the search result set should be included in the notification email.
subject_template str: Subject of the email. If the notification is scheduled with a threshold, the default subject template will be Search Alert: {{AlertCondition}} results found for {{SearchName}}. For email notifications without a threshold, the default subject template is Search Results: {{SearchName}}.

toLists List<String>: A list of email recipients.
includeCsvAttachment Boolean: If the search results should be included in the notification email as a CSV attachment.
includeHistogram Boolean: If the search result histogram should be included in the notification email.
includeQuery Boolean: If the search query should be included in the notification email.
includeResultSet Boolean: If the search result set should be included in the notification email.
subjectTemplate String: Subject of the email. If the notification is scheduled with a threshold, the default subject template will be Search Alert: {{AlertCondition}} results found for {{SearchName}}. For email notifications without a threshold, the default subject template is Search Results: {{SearchName}}.

LogSearchScheduleNotificationSaveToLookupNotification
, LogSearchScheduleNotificationSaveToLookupNotificationArgs

IsLookupMergeOperation bool: Whether to merge the file contents with existing data in the lookup table.
LookupFilePath string: Path of the lookup table to save the results to.

IsLookupMergeOperation bool: Whether to merge the file contents with existing data in the lookup table.
LookupFilePath string: Path of the lookup table to save the results to.

isLookupMergeOperation Boolean: Whether to merge the file contents with existing data in the lookup table.
lookupFilePath String: Path of the lookup table to save the results to.

isLookupMergeOperation boolean: Whether to merge the file contents with existing data in the lookup table.
lookupFilePath string: Path of the lookup table to save the results to.

is_lookup_merge_operation bool: Whether to merge the file contents with existing data in the lookup table.
lookup_file_path str: Path of the lookup table to save the results to.

isLookupMergeOperation Boolean: Whether to merge the file contents with existing data in the lookup table.
lookupFilePath String: Path of the lookup table to save the results to.

LogSearchScheduleNotificationSaveToViewNotification
, LogSearchScheduleNotificationSaveToViewNotificationArgs

ViewName string: Name of the View(Index) to save the results to.

ViewName string: Name of the View(Index) to save the results to.

viewName String: Name of the View(Index) to save the results to.

viewName string: Name of the View(Index) to save the results to.

view_name str: Name of the View(Index) to save the results to.

viewName String: Name of the View(Index) to save the results to.

LogSearchScheduleNotificationServiceNowSearchNotification
, LogSearchScheduleNotificationServiceNowSearchNotificationArgs

ExternalId string: Service Now Identifier.
Fields Pulumi.SumoLogic.Inputs.LogSearchScheduleNotificationServiceNowSearchNotificationFields: Service Now fields.

ExternalId string: Service Now Identifier.
Fields LogSearchScheduleNotificationServiceNowSearchNotificationFields: Service Now fields.

externalId String: Service Now Identifier.
fields LogSearchScheduleNotificationServiceNowSearchNotificationFields: Service Now fields.

externalId string: Service Now Identifier.
fields LogSearchScheduleNotificationServiceNowSearchNotificationFields: Service Now fields.

external_id str: Service Now Identifier.
fields LogSearchScheduleNotificationServiceNowSearchNotificationFields: Service Now fields.

externalId String: Service Now Identifier.
fields Property Map: Service Now fields.

LogSearchScheduleNotificationServiceNowSearchNotificationFields
, LogSearchScheduleNotificationServiceNowSearchNotificationFieldsArgs

EventType string

The category that the event source uses to identify the event.

Node string

The physical or virtual device on which the event occurred.

Resource string

The component on the node to which the event applies.

Severity int

An integer value representing the severity of the alert. Supported values are:

0 for Clear
1 for Critical
2 for Major
3 for Minor
4 for Warning

EventType string

The category that the event source uses to identify the event.

Node string

The physical or virtual device on which the event occurred.

Resource string

The component on the node to which the event applies.

Severity int

An integer value representing the severity of the alert. Supported values are:

0 for Clear
1 for Critical
2 for Major
3 for Minor
4 for Warning

eventType String

The category that the event source uses to identify the event.

node String

The physical or virtual device on which the event occurred.

resource String

The component on the node to which the event applies.

severity Integer

An integer value representing the severity of the alert. Supported values are:

0 for Clear
1 for Critical
2 for Major
3 for Minor
4 for Warning

eventType string

The category that the event source uses to identify the event.

node string

The physical or virtual device on which the event occurred.

resource string

The component on the node to which the event applies.

severity number

An integer value representing the severity of the alert. Supported values are:

0 for Clear
1 for Critical
2 for Major
3 for Minor
4 for Warning

event_type str

The category that the event source uses to identify the event.

node str

The physical or virtual device on which the event occurred.

resource str

The component on the node to which the event applies.

severity int

An integer value representing the severity of the alert. Supported values are:

0 for Clear
1 for Critical
2 for Major
3 for Minor
4 for Warning

eventType String

The category that the event source uses to identify the event.

node String

The physical or virtual device on which the event occurred.

resource String

The component on the node to which the event applies.

severity Number

An integer value representing the severity of the alert. Supported values are:

0 for Clear
1 for Critical
2 for Major
3 for Minor
4 for Warning

LogSearchScheduleNotificationWebhookSearchNotification
, LogSearchScheduleNotificationWebhookSearchNotificationArgs

WebhookId string: Identifier of the webhook connection.
ItemizeAlerts bool: If set to true, one webhook per result will be sent when the trigger conditions are met.
MaxItemizedAlerts int: The maximum number of results for which we send separate alerts.
Payload string: A JSON object in the format required by the target WebHook URL.

WebhookId string: Identifier of the webhook connection.
ItemizeAlerts bool: If set to true, one webhook per result will be sent when the trigger conditions are met.
MaxItemizedAlerts int: The maximum number of results for which we send separate alerts.
Payload string: A JSON object in the format required by the target WebHook URL.

webhookId String: Identifier of the webhook connection.
itemizeAlerts Boolean: If set to true, one webhook per result will be sent when the trigger conditions are met.
maxItemizedAlerts Integer: The maximum number of results for which we send separate alerts.
payload String: A JSON object in the format required by the target WebHook URL.

webhookId string: Identifier of the webhook connection.
itemizeAlerts boolean: If set to true, one webhook per result will be sent when the trigger conditions are met.
maxItemizedAlerts number: The maximum number of results for which we send separate alerts.
payload string: A JSON object in the format required by the target WebHook URL.

webhook_id str: Identifier of the webhook connection.
itemize_alerts bool: If set to true, one webhook per result will be sent when the trigger conditions are met.
max_itemized_alerts int: The maximum number of results for which we send separate alerts.
payload str: A JSON object in the format required by the target WebHook URL.

webhookId String: Identifier of the webhook connection.
itemizeAlerts Boolean: If set to true, one webhook per result will be sent when the trigger conditions are met.
maxItemizedAlerts Number: The maximum number of results for which we send separate alerts.
payload String: A JSON object in the format required by the target WebHook URL.

LogSearchScheduleParameter
, LogSearchScheduleParameterArgs

Name string: Name of the search.
Value string: Default value of scheduled search parameter.

Name string: Name of the search.
Value string: Default value of scheduled search parameter.

name String: Name of the search.
value String: Default value of scheduled search parameter.

name string: Name of the search.
value string: Default value of scheduled search parameter.

name str: Name of the search.
value str: Default value of scheduled search parameter.

name String: Name of the search.
value String: Default value of scheduled search parameter.

LogSearchScheduleParseableTimeRange
, LogSearchScheduleParseableTimeRangeArgs

BeginBoundedTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
CompleteLiteralTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

BeginBoundedTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
CompleteLiteralTimeRange LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

beginBoundedTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
completeLiteralTimeRange LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

beginBoundedTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
completeLiteralTimeRange LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

begin_bounded_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
complete_literal_time_range LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

beginBoundedTimeRange Property Map: Bounded time range. See begin_bounded_time_range schema schema for details.
completeLiteralTimeRange Property Map: Literal time range. See complete_literal_time_range schema for details.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs

From Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
To Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

From LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
To LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
to LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
to LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from_ LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
to LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from Property Map: Start boundary of bounded time range. See time_range_boundary schema for details.
to Property Map: End boundary of bounded time range. See time_range_boundary schema for details.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs

EpochTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
Iso8601TimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
RelativeTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

EpochTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
Iso8601TimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
RelativeTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epoch_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
iso8601_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
literal_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
relative_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epochTimeRange Property Map: Time since the epoch.
iso8601TimeRange Property Map: Time in ISO 8601 format.
literalTimeRange Property Map: Time in literal format.
relativeTimeRange Property Map: Time in relative format.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs

EpochMillis int: Time as a number of milliseconds since the epoch.

EpochMillis int: Time as a number of milliseconds since the epoch.

epochMillis Integer: Time as a number of milliseconds since the epoch.

epochMillis number: Time as a number of milliseconds since the epoch.

epoch_millis int: Time as a number of milliseconds since the epoch.

epochMillis Number: Time as a number of milliseconds since the epoch.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs

Iso8601Time string: Time as a string in ISO 8601 format.

Iso8601Time string: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

iso8601Time string: Time as a string in ISO 8601 format.

iso8601_time str: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs

RangeName string

RangeName string

rangeName String

rangeName string

range_name str

rangeName String

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relative_time str

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToArgs

EpochTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
Iso8601TimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
RelativeTimeRange Pulumi.SumoLogic.Inputs.LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

EpochTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
Iso8601TimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
RelativeTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epoch_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
iso8601_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
literal_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
relative_time_range LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epochTimeRange Property Map: Time since the epoch.
iso8601TimeRange Property Map: Time in ISO 8601 format.
literalTimeRange Property Map: Time in literal format.
relativeTimeRange Property Map: Time in relative format.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs

EpochMillis int: Time as a number of milliseconds since the epoch.

EpochMillis int: Time as a number of milliseconds since the epoch.

epochMillis Integer: Time as a number of milliseconds since the epoch.

epochMillis number: Time as a number of milliseconds since the epoch.

epoch_millis int: Time as a number of milliseconds since the epoch.

epochMillis Number: Time as a number of milliseconds since the epoch.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs

Iso8601Time string: Time as a string in ISO 8601 format.

Iso8601Time string: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

iso8601Time string: Time as a string in ISO 8601 format.

iso8601_time str: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs

RangeName string

RangeName string

rangeName String

rangeName string

range_name str

rangeName String

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relative_time str

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange
, LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRangeArgs

RangeName string

RangeName string

rangeName String

rangeName string

range_name str

rangeName String

LogSearchScheduleThreshold
, LogSearchScheduleThresholdArgs

Count int: Expected result count.
Operator string: Criterion to be applied when comparing actual result count with expected count. Possible values are: eq, gt, ge, lt, and le.
ThresholdType string: Threshold type for the scheduled log search. Possible values are: message and group. Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

Count int: Expected result count.
Operator string: Criterion to be applied when comparing actual result count with expected count. Possible values are: eq, gt, ge, lt, and le.
ThresholdType string: Threshold type for the scheduled log search. Possible values are: message and group. Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

count Integer: Expected result count.
operator String: Criterion to be applied when comparing actual result count with expected count. Possible values are: eq, gt, ge, lt, and le.
thresholdType String: Threshold type for the scheduled log search. Possible values are: message and group. Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

count number: Expected result count.
operator string: Criterion to be applied when comparing actual result count with expected count. Possible values are: eq, gt, ge, lt, and le.
thresholdType string: Threshold type for the scheduled log search. Possible values are: message and group. Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

count int: Expected result count.
operator str: Criterion to be applied when comparing actual result count with expected count. Possible values are: eq, gt, ge, lt, and le.
threshold_type str: Threshold type for the scheduled log search. Possible values are: message and group. Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

count Number: Expected result count.
operator String: Criterion to be applied when comparing actual result count with expected count. Possible values are: eq, gt, ge, lt, and le.
thresholdType String: Threshold type for the scheduled log search. Possible values are: message and group. Use group as threshold type if the search query is of aggregate type. For non-aggregate queries, set it to message.

LogSearchTimeRange
, LogSearchTimeRangeArgs

BeginBoundedTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
CompleteLiteralTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

BeginBoundedTimeRange LogSearchTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
CompleteLiteralTimeRange LogSearchTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

beginBoundedTimeRange LogSearchTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
completeLiteralTimeRange LogSearchTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

beginBoundedTimeRange LogSearchTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
completeLiteralTimeRange LogSearchTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

begin_bounded_time_range LogSearchTimeRangeBeginBoundedTimeRange: Bounded time range. See begin_bounded_time_range schema schema for details.
complete_literal_time_range LogSearchTimeRangeCompleteLiteralTimeRange: Literal time range. See complete_literal_time_range schema for details.

beginBoundedTimeRange Property Map: Bounded time range. See begin_bounded_time_range schema schema for details.
completeLiteralTimeRange Property Map: Literal time range. See complete_literal_time_range schema for details.

LogSearchTimeRangeBeginBoundedTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeArgs

From Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
To Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

From LogSearchTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
To LogSearchTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from LogSearchTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
to LogSearchTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from LogSearchTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
to LogSearchTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from_ LogSearchTimeRangeBeginBoundedTimeRangeFrom: Start boundary of bounded time range. See time_range_boundary schema for details.
to LogSearchTimeRangeBeginBoundedTimeRangeTo: End boundary of bounded time range. See time_range_boundary schema for details.

from Property Map: Start boundary of bounded time range. See time_range_boundary schema for details.
to Property Map: End boundary of bounded time range. See time_range_boundary schema for details.

LogSearchTimeRangeBeginBoundedTimeRangeFrom
, LogSearchTimeRangeBeginBoundedTimeRangeFromArgs

EpochTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
Iso8601TimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
RelativeTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

EpochTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
Iso8601TimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
RelativeTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epoch_time_range LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange: Time since the epoch.
iso8601_time_range LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange: Time in ISO 8601 format.
literal_time_range LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange: Time in literal format.
relative_time_range LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange: Time in relative format.

epochTimeRange Property Map: Time since the epoch.
iso8601TimeRange Property Map: Time in ISO 8601 format.
literalTimeRange Property Map: Time in literal format.
relativeTimeRange Property Map: Time in relative format.

LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs

EpochMillis int: Time as a number of milliseconds since the epoch.

EpochMillis int: Time as a number of milliseconds since the epoch.

epochMillis Integer: Time as a number of milliseconds since the epoch.

epochMillis number: Time as a number of milliseconds since the epoch.

epoch_millis int: Time as a number of milliseconds since the epoch.

epochMillis Number: Time as a number of milliseconds since the epoch.

LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs

Iso8601Time string: Time as a string in ISO 8601 format.

Iso8601Time string: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

iso8601Time string: Time as a string in ISO 8601 format.

iso8601_time str: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs

RangeName string

RangeName string

rangeName String

rangeName string

range_name str

rangeName String

LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relative_time str

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

LogSearchTimeRangeBeginBoundedTimeRangeTo
, LogSearchTimeRangeBeginBoundedTimeRangeToArgs

EpochTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
Iso8601TimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
RelativeTimeRange Pulumi.SumoLogic.Inputs.LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

EpochTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
Iso8601TimeRange LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
LiteralTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
RelativeTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epochTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
iso8601TimeRange LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
literalTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
relativeTimeRange LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epoch_time_range LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange: Time since the epoch.
iso8601_time_range LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange: Time in ISO 8601 format.
literal_time_range LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange: Time in literal format.
relative_time_range LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange: Time in relative format.

epochTimeRange Property Map: Time since the epoch.
iso8601TimeRange Property Map: Time in ISO 8601 format.
literalTimeRange Property Map: Time in literal format.
relativeTimeRange Property Map: Time in relative format.

LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs

EpochMillis int: Time as a number of milliseconds since the epoch.

EpochMillis int: Time as a number of milliseconds since the epoch.

epochMillis Integer: Time as a number of milliseconds since the epoch.

epochMillis number: Time as a number of milliseconds since the epoch.

epoch_millis int: Time as a number of milliseconds since the epoch.

epochMillis Number: Time as a number of milliseconds since the epoch.

LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs

Iso8601Time string: Time as a string in ISO 8601 format.

Iso8601Time string: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

iso8601Time string: Time as a string in ISO 8601 format.

iso8601_time str: Time as a string in ISO 8601 format.

iso8601Time String: Time as a string in ISO 8601 format.

LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs

RangeName string

RangeName string

rangeName String

rangeName string

range_name str

rangeName String

LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

RelativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime string

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relative_time str

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

relativeTime String

Relative time as a string consisting of following elements:

- (optional): minus sign indicates time in the past,
<number>: number of time units,
<time_unit>: time unit; possible values are: w (week), d (day), h (hour), m (minute), s (second).

Multiple pairs of <number><time_unit> may be provided, and they may be in any order. For example, -2w5d3h points to the moment in time 2 weeks, 5 days and 3 hours ago.

LogSearchTimeRangeCompleteLiteralTimeRange
, LogSearchTimeRangeCompleteLiteralTimeRangeArgs

RangeName string

RangeName string

rangeName String

rangeName string

range_name str

rangeName String

Import

A log search can be imported using it’s identifier, e.g.:

hcl

$ pulumi import sumologic:index/logSearch:LogSearch example_search 0000000007FFD79D

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Sumo Logic pulumi/pulumi-sumologic
License: Apache-2.0
Notes: This Pulumi package is based on the sumologic Terraform Provider.

Sumo Logic v1.0.7 published on Friday, Apr 11, 2025 by Pulumi

pulumi/pulumi-sumologic

sumologic.LogSearch

On this page

On this page

Example Usage

Attributes reference

Create LogSearch Resource

Constructor syntax

Parameters

Constructor example

LogSearch Resource Properties

Inputs

Outputs

Look up Existing LogSearch Resource

Supporting Types

LogSearchQueryParameter, LogSearchQueryParameterArgs

LogSearchSchedule, LogSearchScheduleArgs

LogSearchScheduleNotification, LogSearchScheduleNotificationArgs

LogSearchScheduleNotificationAlertSearchNotification, LogSearchScheduleNotificationAlertSearchNotificationArgs

LogSearchScheduleNotificationCseSignalNotification, LogSearchScheduleNotificationCseSignalNotificationArgs

LogSearchScheduleNotificationEmailSearchNotification, LogSearchScheduleNotificationEmailSearchNotificationArgs

LogSearchScheduleNotificationSaveToLookupNotification, LogSearchScheduleNotificationSaveToLookupNotificationArgs

LogSearchScheduleNotificationSaveToViewNotification, LogSearchScheduleNotificationSaveToViewNotificationArgs

LogSearchScheduleNotificationServiceNowSearchNotification, LogSearchScheduleNotificationServiceNowSearchNotificationArgs

LogSearchScheduleNotificationServiceNowSearchNotificationFields, LogSearchScheduleNotificationServiceNowSearchNotificationFieldsArgs

LogSearchScheduleNotificationWebhookSearchNotification, LogSearchScheduleNotificationWebhookSearchNotificationArgs

LogSearchScheduleParameter, LogSearchScheduleParameterArgs

LogSearchScheduleParseableTimeRange, LogSearchScheduleParseableTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs

LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange, LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRangeArgs

LogSearchScheduleThreshold, LogSearchScheduleThresholdArgs

LogSearchTimeRange, LogSearchTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFrom, LogSearchTimeRangeBeginBoundedTimeRangeFromArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange, LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeTo, LogSearchTimeRangeBeginBoundedTimeRangeToArgs

LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange, LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange, LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs

LogSearchTimeRangeCompleteLiteralTimeRange, LogSearchTimeRangeCompleteLiteralTimeRangeArgs

Import

Package Details

On this page

On this page

LogSearchQueryParameter
, LogSearchQueryParameterArgs

LogSearchSchedule
, LogSearchScheduleArgs

LogSearchScheduleNotification
, LogSearchScheduleNotificationArgs

LogSearchScheduleNotificationAlertSearchNotification
, LogSearchScheduleNotificationAlertSearchNotificationArgs

LogSearchScheduleNotificationCseSignalNotification
, LogSearchScheduleNotificationCseSignalNotificationArgs

LogSearchScheduleNotificationEmailSearchNotification
, LogSearchScheduleNotificationEmailSearchNotificationArgs

LogSearchScheduleNotificationSaveToLookupNotification
, LogSearchScheduleNotificationSaveToLookupNotificationArgs

LogSearchScheduleNotificationSaveToViewNotification
, LogSearchScheduleNotificationSaveToViewNotificationArgs

LogSearchScheduleNotificationServiceNowSearchNotification
, LogSearchScheduleNotificationServiceNowSearchNotificationArgs

LogSearchScheduleNotificationServiceNowSearchNotificationFields
, LogSearchScheduleNotificationServiceNowSearchNotificationFieldsArgs

LogSearchScheduleNotificationWebhookSearchNotification
, LogSearchScheduleNotificationWebhookSearchNotificationArgs

LogSearchScheduleParameter
, LogSearchScheduleParameterArgs

LogSearchScheduleParseableTimeRange
, LogSearchScheduleParseableTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFrom
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeTo
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs

LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRange
, LogSearchScheduleParseableTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs

LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRange
, LogSearchScheduleParseableTimeRangeCompleteLiteralTimeRangeArgs

LogSearchScheduleThreshold
, LogSearchScheduleThresholdArgs

LogSearchTimeRange
, LogSearchTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFrom
, LogSearchTimeRangeBeginBoundedTimeRangeFromArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromEpochTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromIso8601TimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromLiteralTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeFromRelativeTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeTo
, LogSearchTimeRangeBeginBoundedTimeRangeToArgs

LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToEpochTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToIso8601TimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToLiteralTimeRangeArgs

LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRange
, LogSearchTimeRangeBeginBoundedTimeRangeToRelativeTimeRangeArgs

LogSearchTimeRangeCompleteLiteralTimeRange
, LogSearchTimeRangeCompleteLiteralTimeRangeArgs