Optional additional: A container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.
Optional aggregation: The aggregation type.
Optional custom: Query extension to append to the logs query.
Optional dataSource: Source of events, either logs, audit trail, or Datadog events.
Optional distinct: Field for which the cardinality is measured. Sent as an array.
Optional group: Fields to group by.
Optional has: When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with N/A, replacing the missing values.
Optional index: This field is currently unstable and might be removed in a minor version upgrade.
The index to run the query on, if the dataSource is logs. Only used for scheduled rules - in other words, when the schedulingOptions field is present in the rule payload.
Optional indexes: List of indexes to query when the dataSource is logs. Only used for scheduled rules, such as when the schedulingOptions field is present in the rule payload.
Optional metric: (Deprecated) The target field to aggregate over when using the sum or max aggregations. The metrics field should be used instead.
Optional metrics: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.
Optional name: Name of the query.
Optional query: Query to run on logs.
Query for matching rule.
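The group-by and metrics rules described above decide which events a detection rule actually evaluates, so a local model of them is useful when reviewing rule definitions. The following is an added example, not code from the Datadog client: `Evt`, `groupEvents`, `checkMetrics`, their parameter names, the sample events and the aggregation strings `sum`, `max`, `geo_data` and `new_value` are assumptions made for illustration.

```typescript
// Added example: local model of two behaviours stated in this reference.
// All names here are hypothetical; nothing below calls the Datadog API client.
type Evt = Record<string, string | undefined>;

// Constructed sample events: the third has no user name attribute.
const sampleEvents: Evt[] = [
  { "@usr.name": "alice", "@network.client.ip": "203.0.113.7" },
  { "@usr.name": "alice", "@network.client.ip": "203.0.113.7" },
  { "@network.client.ip": "198.51.100.4" },
];

const isMissing = (v: string | undefined): boolean => v === undefined || v === "";

// With hasOptional=false, events lacking a group-by value are ignored.
// With hasOptional=true, the missing value is replaced by "N/A" and the event is kept.
function groupEvents(events: Evt[], groupFields: string[], hasOptional: boolean): Map<string, number> {
  const groups = new Map<string, number>();
  for (const ev of events) {
    const values = groupFields.map((f) => ev[f]);
    if (!hasOptional && values.some(isMissing)) continue; // silently dropped
    const key = values.map((v) => (isMissing(v) ? "N/A" : (v as string))).join("|");
    groups.set(key, (groups.get(key) || 0) + 1);
  }
  return groups;
}

// Limits on the metrics list: sum, max and geo data accept one value,
// new value accepts up to five. Returns a list of problems (empty when valid).
function checkMetrics(aggregation: string, metrics: string[]): string[] {
  const problems: string[] = [];
  const singleValue = ["sum", "max", "geo_data"]; // assumed aggregation strings
  if (singleValue.indexOf(aggregation) !== -1 && metrics.length > 1) {
    problems.push(`${aggregation} accepts one metrics value, got ${metrics.length}`);
  }
  if (aggregation === "new_value" && metrics.length > 5) {
    problems.push(`new_value accepts up to five metrics values, got ${metrics.length}`);
  }
  return problems;
}
```

Grouping the sample by user name with the flag off counts only the two `alice` events; with the flag on, the event without a user name is kept under `N/A` instead of being skipped by the rule.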