Configuration JSON
On this page, you will find information about configuration formatting. All configurations must be stored and updated in JSON format.
A JSON configuration contains required fields, as well as a field that serves as the configuration identifier. If a configuration includes required fields, they must be present when saving, even if arbitrary fields are otherwise allowed. If the identifier field differs from _id, it will automatically be duplicated in the configuration. In this case, the configuration will be saved with a specific ID and the specified identifier field set to the value of that ID. When performing an update request, the value of this field must match the {config_id} parameter. The table below outlines in which index the configuration is stored, whether arbitrary fields not listed in required or optional ones are allowed, and whether tags are associated with the configurations.
Configuration Characteristics Table
| Name | Index | Identifier Field | Required Fields | Optional Fields | Arbitrary Fields Allowed | With Tags |
|---|---|---|---|---|---|---|
lookups | .sm_sme_lookups | name | idx, fields | condition, sourcetype, limit, wildcards, case_sensitive, cidrmatch | - | + |
db | .sm_sme_db | connection_name | connection_string, driver_class, driver_file | - | + | + |
db_queries | .sm_sme_db_queries | name | query | - | - | + |
dashboards | .sm_dashboards | _id | yaml | - | + | + |
scripts | .sm_sme_scripts | _id | argumentsCount, script, description, type | alias | - | - |
tags | .sm_sme_tags | _id | - | - | + | - |
search_favorites | .sm_search_favorite | _id | query, historyQueryId, user | - | - | - |
search_histories | .sm_search_history | _id | query, timestamp, user | - | - | - |
search_anywhere_sources | .sm_sme_search_anywhere_sources | _id | source_type | server, port, user, path_to_trust_store, trust_store_password, password, connection_string, connection_url | - | + |
persons | .sm_persons | _id | - | - | + | - |
Additional Features
The fields, wildcards, case_sensitive, and cidrmatch fields in lookups are passed as arrays of strings.
The type field in scripts can only be one of the following values: internal, external, or system.
If a configuration contains a password field, it will be stored and displayed in encrypted form.