PostEvents
The PostEvents action posts an array of events to the QRadar® product event pipeline, which allows the events to be parsed, correlated, and stored.
The following table shows the parameters for the PostEvents action.
Name | Data type | Required | Notes |
---|---|---|---|
path | JPath | Yes | The path of the array element to post. |
encoding | String | No |
The encoding of the event. Possible values:
The default is UTF-8. |
source | String | Yes |
The source (host) of the event. The source value is used to route the event within the event pipeline to the correct log source. The event is matched to the log source identifier of an existing log source. If no log source exists with a matching log source identifier, the event is stored without parsing and a copy of the event is sent to the log source autodetection engine. If a log source is autodetected from the event, it is created with its log source identifier set to the source value. |
XML Example:
This action posts the array of strings that are stored in the State at /events into the QRadar product event pipeline as a series of events. If a log source has a log source identifier that matches the value that is stored in /host, the events are routed to that log source.
<PostEvents path="/events" host="${/host}" />