post https://api.bigpanda.io/resources/v2.1/enrichments-config/tags//enrichments/
Creates a new composition or extraction enrichment item for the tag.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
Tag Limitations
To maintain quality of service, BigPanda limits the number of alert tags and enrichment items available. Each organization can have:
- 1000 alert tags
- 500 enrichment items per alert tag
- 20,000 alert enrichment items total
- 200 mapping enrichment results tags
If more alert tags or enrichment items are needed, we recommend exploring normalization options to help streamline your alert data and improve incident quality.
Config Object Required
The config object is required when creating an enrichment item. When adding your array of enrichment items, make sure to expand the config object and include all required parameters.
Sample Calls
curl --request POST \
--url https://api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
--header 'Authorization: Bearer <User API Key>' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"enrichments": [
{
"type": "extraction",
"active": true,
"when": {
"IN": [
"source_system",
[
{
"type": "regex",
"value": "*"
}
]
]
},
"config": {
"source": "host",
"destination": "tag_name",
"regex": "(.*)"
},
"note": "note"
},
{
"type": "composition",
"active": true,
"when":
{
"IN": [
"host",
[
"prod-api-1",
"prod-api-2"
]
]
},
"config": {
"source": "nagios",
"destination": "tag_name",
"value": "val-${host6666}\"
},
"note": "wiki.com"
}
]
}
'
curl --request POST \
--url https://eu-api.bigpanda.io/resources/v2.1/enrichments-config/tags/{tag_name}/enrichments \
--header 'Authorization: Bearer <User API Key>' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"enrichments": [
{
"type": "extraction",
"active": true,
"when": {
"IN": [
"source_system",
[
{
"type": "regex",
"value": "*"
}
]
]
},
"config": {
"source": "host",
"destination": "tag_name",
"regex": "(.*)"
},
"note": "note"
},
{
"type": "composition",
"active": true,
"when":
{
"IN": [
"host",
[
"prod-api-1",
"prod-api-2"
]
]
},
"config": {
"source": "nagios",
"destination": "tag_name",
"value": "val-${host6666}\"
},
"note": "wiki.com"
}
]
}
'