object correlation.create(object/array correlations)
This method allows to create new correlations.
(object/array)
Correlations to create.
Additionally to the standard correlation properties, the method accepts the following parameters.
Parameter | Type | Description |
---|---|---|
operations (required) |
array | Correlation operations to create for the correlation. |
filter (required) |
object | Correlation filter object for the correlation. |
(object)
Returns an object containing the IDs of the created correlations under the correlationids
property. The order of the returned IDs matches the order of the passed correlations.
Create a correlation using evaluation method AND/OR
with one condition and one operation. By default the correlation will be enabled.
Request:
{
"jsonrpc": "2.0",
"method": "correlation.create",
"params": {
"name": "new event tag correlation",
"filter": {
"evaltype": 0,
"conditions": [
{
"type": 1,
"tag": "ok"
}
]
},
"operations": [
{
"type": 0
}
]
},
"auth": "343baad4f88b4106b9b5961e77437688",
"id": 1
}
Response:
Create a correlation that will use a custom filter condition. The formula IDs "A" or "B" have been chosen arbitrarily. Condition type will be "Host group" with operator "<>".
Request:
{
"jsonrpc": "2.0",
"method": "correlation.create",
"params": {
"name": "new host group correlation",
"description": "a custom description",
"status": 0,
"filter": {
"evaltype": 3,
"formula": "A or B",
"conditions": [
{
"type": 2,
"operator": 1,
"formulaid": "A"
},
{
"type": 2,
"operator": 1,
"formulaid": "B"
}
]
},
"operations": [
{
"type": 1
}
]
},
"auth": "343baad4f88b4106b9b5961e77437688",
"id": 1
}
Response:
CCorrelation::create() in ui/include/classes/api/services/CCorrelation.php.