Task Definition REST API
A task is the single unit of work performed on event data. Each task has the following built-in functions that can perform processing on an event:
| Field | Type | Required | Description |
|---|---|---|---|
| ID | String | ✓ | Unique identifier for the task. This ID is also used as a key when updating or deleting the entry. |
| Name | String | ✓ | A descriptive name for the task configuration. |
| Description | String | ✗ | Detailed description explaining the task's functionality and purpose. |
| Function | String | ✓ | The task function to execute. Must be one of the following predefined functions: |
Available Task Functions
APPLY_RULES: Apply predefined rules (per event and/or correlated/aggregated) to streaming events. The input must beJSON.EXTRACT: Extract any event input with provided Regular Expression defition (named groups). The output isJSON.FILTER: Filter an event (keep or drop) based on PDL or regex definition. For PDL, the input must beJSON.OUTPUT_FIELD: Outputs the value of a given field. The input must beJSONand the output isStringrepresentation of the selected field value.PARSE_CEF: Parse input CEF (Common Event Format) event intoJSON.PARSE_CSV: Parse inputCSVevent intoJSON.PARSE_KV: Parse input key-value pairs event intoJSON.PDL_EXPRESSION: Allows event data transformation and enrichment via PDL expressions. The input must beJSON.TIMESTAMP: Define a field from within the event data (JSONformatted) to use as the timestamp.
Important Notes
- This section describes the function definition of a task, for generic API call, please refer to Tasks REST API.
- Padas Engine verifies requests against the JSON schema defined as Padas Task Schema.
- For description of each definition field and default values please refer to Stream Configuration
Task Definition Examples
APPLY_RULES Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "APPLY_RULES",
"definition": {
"rules": [
"rule1",
"rule2"
],
"matchAll": false
}
}
EXTRACT Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "EXTRACT",
"definition": {
"field": "somefield",
"regex": "someregex text here",
"keepRaw": false
}
}
FILTER Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "FILTER",
"definition": {
"type": "regex",
"action": "drop",
"value": "regex goes here"
}
}
OUTPUT_FIELD Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "OUTPUT_FIELD",
"definition": {
"field": "someFieldName"
}
}
PARSE_CEF Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "PARSE_CEF",
"definition": {
"rawFieldName": "_raw",
"keepRaw": true
}
}
PARSE_CSV Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "PARSE_CSV",
"definition": {
"fieldNames": "field1,field2,field3",
"delimeter":"|"
}
}
PARSE_KV Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "PARSE_KV",
"definition": {
"delimeter":":"
}
}
PDL_EXPRESSION Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "PDL_EXPRESSION",
"definition": {
"pdl" : "field1=\"value1\" AND field2 > 100 | eval field3=if(field2 < 400, 0, 1)"
}
}
TIMESTAMP Definition Example
{
"id": 1,
"name": "MyTask Name",
"description": "MyTask description goes here.",
"function": "TIMESTAMP",
"definition": {
"field": "somefield",
"format": "%H%M%S"
}
}