cribl-control-plane 0.3.0b2__py3-none-any.whl → 0.3.0b4__py3-none-any.whl

cribl_control_plane/models/outputelastic.py

@@ -113,13 +113,25 @@ class OutputElasticAuthenticationMethod(str, Enum, metaclass=utils.OpenEnumMeta)
 
 class OutputElasticAuthTypedDict(TypedDict):
     disabled: NotRequired[bool]
+    username: NotRequired[str]
+    password: NotRequired[str]
     auth_type: NotRequired[OutputElasticAuthenticationMethod]
     r"""Enter credentials directly, or select a stored secret"""
+    credentials_secret: NotRequired[str]
+    r"""Select or create a secret that references your credentials"""
+    manual_api_key: NotRequired[str]
+    r"""Enter API key directly"""
+    text_secret: NotRequired[str]
+    r"""Select or create a stored text secret"""
 
 
 class OutputElasticAuth(BaseModel):
     disabled: Optional[bool] = True
 
+    username: Optional[str] = None
+
+    password: Optional[str] = None
+
     auth_type: Annotated[
         Annotated[
             Optional[OutputElasticAuthenticationMethod],
@@ -129,6 +141,19 @@ class OutputElasticAuth(BaseModel):
     ] = OutputElasticAuthenticationMethod.MANUAL
     r"""Enter credentials directly, or select a stored secret"""
 
+    credentials_secret: Annotated[
+        Optional[str], pydantic.Field(alias="credentialsSecret")
+    ] = None
+    r"""Select or create a secret that references your credentials"""
+
+    manual_api_key: Annotated[Optional[str], pydantic.Field(alias="manualAPIKey")] = (
+        None
+    )
+    r"""Enter API key directly"""
+
+    text_secret: Annotated[Optional[str], pydantic.Field(alias="textSecret")] = None
+    r"""Select or create a stored text secret"""
+
 
 class ElasticVersion(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Optional Elasticsearch version, used to format events. If not specified, will auto-discover version."""
@@ -176,6 +201,17 @@ class OutputElasticURL(BaseModel):
     r"""Assign a weight (>0) to each endpoint to indicate its traffic-handling capability"""
 
 
+class OutputElasticMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    # Error
+    ERROR = "error"
+    # Backpressure
+    ALWAYS = "always"
+    # Always On
+    BACKPRESSURE = "backpressure"
+
+
 class OutputElasticCompression(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Codec to use to compress the persisted data"""
 
@@ -194,17 +230,6 @@ class OutputElasticQueueFullBehavior(str, Enum, metaclass=utils.OpenEnumMeta):
     DROP = "drop"
 
 
-class OutputElasticMode(str, Enum, metaclass=utils.OpenEnumMeta):
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
-    # Error
-    ERROR = "error"
-    # Backpressure
-    BACKPRESSURE = "backpressure"
-    # Always On
-    ALWAYS = "always"
-
-
 class OutputElasticPqControlsTypedDict(TypedDict):
     pass
 
@@ -287,6 +312,16 @@ class OutputElasticTypedDict(TypedDict):
     r"""The interval in which to re-resolve any hostnames and pick up destinations from A records"""
     load_balance_stats_period_sec: NotRequired[float]
     r"""How far back in time to keep traffic stats for load balancing purposes"""
+    pq_strict_ordering: NotRequired[bool]
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+    pq_rate_per_sec: NotRequired[float]
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+    pq_mode: NotRequired[OutputElasticMode]
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+    pq_max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    pq_max_backpressure_sec: NotRequired[float]
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
     pq_max_file_size: NotRequired[str]
     r"""The maximum size to store in each queue file before closing and optionally compressing (KB, MB, etc.)"""
     pq_max_size: NotRequired[str]
@@ -297,8 +332,6 @@ class OutputElasticTypedDict(TypedDict):
     r"""Codec to use to compress the persisted data"""
     pq_on_backpressure: NotRequired[OutputElasticQueueFullBehavior]
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
-    pq_mode: NotRequired[OutputElasticMode]
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
     pq_controls: NotRequired[OutputElasticPqControlsTypedDict]
 
 
@@ -468,6 +501,34 @@ class OutputElastic(BaseModel):
     ] = 300
     r"""How far back in time to keep traffic stats for load balancing purposes"""
 
+    pq_strict_ordering: Annotated[
+        Optional[bool], pydantic.Field(alias="pqStrictOrdering")
+    ] = True
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+
+    pq_rate_per_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqRatePerSec")
+    ] = 0
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+
+    pq_mode: Annotated[
+        Annotated[
+            Optional[OutputElasticMode], PlainValidator(validate_open_enum(False))
+        ],
+        pydantic.Field(alias="pqMode"),
+    ] = OutputElasticMode.ERROR
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    pq_max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBufferSize")
+    ] = 42
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    pq_max_backpressure_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBackpressureSec")
+    ] = 30
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
+
     pq_max_file_size: Annotated[
         Optional[str], pydantic.Field(alias="pqMaxFileSize")
     ] = "1 MB"
@@ -499,14 +560,6 @@ class OutputElastic(BaseModel):
     ] = OutputElasticQueueFullBehavior.BLOCK
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
-    pq_mode: Annotated[
-        Annotated[
-            Optional[OutputElasticMode], PlainValidator(validate_open_enum(False))
-        ],
-        pydantic.Field(alias="pqMode"),
-    ] = OutputElasticMode.ERROR
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
     pq_controls: Annotated[
         Optional[OutputElasticPqControls], pydantic.Field(alias="pqControls")
     ] = None

cribl_control_plane/models/outputelasticcloud.py

@@ -61,13 +61,25 @@ class OutputElasticCloudAuthenticationMethod(str, Enum, metaclass=utils.OpenEnum
 
 class OutputElasticCloudAuthTypedDict(TypedDict):
     disabled: NotRequired[bool]
+    username: NotRequired[str]
+    password: NotRequired[str]
     auth_type: NotRequired[OutputElasticCloudAuthenticationMethod]
     r"""Enter credentials directly, or select a stored secret"""
+    credentials_secret: NotRequired[str]
+    r"""Select or create a secret that references your credentials"""
+    manual_api_key: NotRequired[str]
+    r"""Enter API key directly"""
+    text_secret: NotRequired[str]
+    r"""Select or create a stored text secret"""
 
 
 class OutputElasticCloudAuth(BaseModel):
     disabled: Optional[bool] = False
 
+    username: Optional[str] = None
+
+    password: Optional[str] = None
+
     auth_type: Annotated[
         Annotated[
             Optional[OutputElasticCloudAuthenticationMethod],
@@ -77,6 +89,19 @@ class OutputElasticCloudAuth(BaseModel):
     ] = OutputElasticCloudAuthenticationMethod.MANUAL
     r"""Enter credentials directly, or select a stored secret"""
 
+    credentials_secret: Annotated[
+        Optional[str], pydantic.Field(alias="credentialsSecret")
+    ] = None
+    r"""Select or create a secret that references your credentials"""
+
+    manual_api_key: Annotated[Optional[str], pydantic.Field(alias="manualAPIKey")] = (
+        None
+    )
+    r"""Enter API key directly"""
+
+    text_secret: Annotated[Optional[str], pydantic.Field(alias="textSecret")] = None
+    r"""Select or create a stored text secret"""
+
 
 class OutputElasticCloudResponseRetrySettingTypedDict(TypedDict):
     http_status: float
@@ -143,6 +168,17 @@ class OutputElasticCloudBackpressureBehavior(str, Enum, metaclass=utils.OpenEnum
     QUEUE = "queue"
 
 
+class OutputElasticCloudMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    # Error
+    ERROR = "error"
+    # Backpressure
+    ALWAYS = "always"
+    # Always On
+    BACKPRESSURE = "backpressure"
+
+
 class OutputElasticCloudCompression(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Codec to use to compress the persisted data"""
 
@@ -161,17 +197,6 @@ class OutputElasticCloudQueueFullBehavior(str, Enum, metaclass=utils.OpenEnumMet
     DROP = "drop"
 
 
-class OutputElasticCloudMode(str, Enum, metaclass=utils.OpenEnumMeta):
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
-    # Error
-    ERROR = "error"
-    # Backpressure
-    BACKPRESSURE = "backpressure"
-    # Always On
-    ALWAYS = "always"
-
-
 class OutputElasticCloudPqControlsTypedDict(TypedDict):
     pass
 
@@ -236,6 +261,16 @@ class OutputElasticCloudTypedDict(TypedDict):
     on_backpressure: NotRequired[OutputElasticCloudBackpressureBehavior]
     r"""How to handle events when all receivers are exerting backpressure"""
     description: NotRequired[str]
+    pq_strict_ordering: NotRequired[bool]
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+    pq_rate_per_sec: NotRequired[float]
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+    pq_mode: NotRequired[OutputElasticCloudMode]
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+    pq_max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    pq_max_backpressure_sec: NotRequired[float]
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
     pq_max_file_size: NotRequired[str]
     r"""The maximum size to store in each queue file before closing and optionally compressing (KB, MB, etc.)"""
     pq_max_size: NotRequired[str]
@@ -246,8 +281,6 @@ class OutputElasticCloudTypedDict(TypedDict):
     r"""Codec to use to compress the persisted data"""
     pq_on_backpressure: NotRequired[OutputElasticCloudQueueFullBehavior]
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
-    pq_mode: NotRequired[OutputElasticCloudMode]
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
     pq_controls: NotRequired[OutputElasticCloudPqControlsTypedDict]
 
 
@@ -374,6 +407,34 @@ class OutputElasticCloud(BaseModel):
 
     description: Optional[str] = None
 
+    pq_strict_ordering: Annotated[
+        Optional[bool], pydantic.Field(alias="pqStrictOrdering")
+    ] = True
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+
+    pq_rate_per_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqRatePerSec")
+    ] = 0
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+
+    pq_mode: Annotated[
+        Annotated[
+            Optional[OutputElasticCloudMode], PlainValidator(validate_open_enum(False))
+        ],
+        pydantic.Field(alias="pqMode"),
+    ] = OutputElasticCloudMode.ERROR
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    pq_max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBufferSize")
+    ] = 42
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    pq_max_backpressure_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBackpressureSec")
+    ] = 30
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
+
     pq_max_file_size: Annotated[
         Optional[str], pydantic.Field(alias="pqMaxFileSize")
     ] = "1 MB"
@@ -405,14 +466,6 @@ class OutputElasticCloud(BaseModel):
     ] = OutputElasticCloudQueueFullBehavior.BLOCK
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
-    pq_mode: Annotated[
-        Annotated[
-            Optional[OutputElasticCloudMode], PlainValidator(validate_open_enum(False))
-        ],
-        pydantic.Field(alias="pqMode"),
-    ] = OutputElasticCloudMode.ERROR
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
     pq_controls: Annotated[
         Optional[OutputElasticCloudPqControls], pydantic.Field(alias="pqControls")
     ] = None

cribl_control_plane/models/outputfilesystem.py

@@ -146,6 +146,8 @@ class OutputFilesystemTypedDict(TypedDict):
     r"""Compression level to apply before moving files to final destination"""
     automatic_schema: NotRequired[bool]
     r"""Automatically calculate the schema based on the events of each Parquet file generated"""
+    parquet_schema: NotRequired[str]
+    r"""To add a new schema, navigate to Processing > Knowledge > Parquet Schemas"""
     parquet_version: NotRequired[OutputFilesystemParquetVersion]
     r"""Determines which data types are supported and how they are represented"""
     parquet_data_page_version: NotRequired[OutputFilesystemDataPageVersion]
@@ -304,6 +306,11 @@ class OutputFilesystem(BaseModel):
     ] = False
     r"""Automatically calculate the schema based on the events of each Parquet file generated"""
 
+    parquet_schema: Annotated[Optional[str], pydantic.Field(alias="parquetSchema")] = (
+        None
+    )
+    r"""To add a new schema, navigate to Processing > Knowledge > Parquet Schemas"""
+
     parquet_version: Annotated[
         Annotated[
             Optional[OutputFilesystemParquetVersion],

cribl_control_plane/models/outputgooglechronicle.py

@@ -155,6 +155,24 @@ class OutputGoogleChronicleCustomLabel(BaseModel):
     value: str
 
 
+class UDMType(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Defines the specific format for UDM events sent to Google SecOps. This must match the type of UDM data being sent."""
+
+    ENTITIES = "entities"
+    LOGS = "logs"
+
+
+class OutputGoogleChronicleMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    # Error
+    ERROR = "error"
+    # Backpressure
+    ALWAYS = "always"
+    # Always On
+    BACKPRESSURE = "backpressure"
+
+
 class OutputGoogleChronicleCompression(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Codec to use to compress the persisted data"""
 
@@ -173,17 +191,6 @@ class OutputGoogleChronicleQueueFullBehavior(str, Enum, metaclass=utils.OpenEnum
     DROP = "drop"
 
 
-class OutputGoogleChronicleMode(str, Enum, metaclass=utils.OpenEnumMeta):
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
-    # Error
-    ERROR = "error"
-    # Backpressure
-    BACKPRESSURE = "backpressure"
-    # Always On
-    ALWAYS = "always"
-
-
 class OutputGoogleChroniclePqControlsTypedDict(TypedDict):
     pass
 
@@ -262,6 +269,8 @@ class OutputGoogleChronicleTypedDict(TypedDict):
     r"""User-configured environment namespace to identify the data domain the logs originated from. Use namespace as a tag to identify the appropriate data domain for indexing and enrichment functionality. Can be overwritten by event field __namespace."""
     custom_labels: NotRequired[List[OutputGoogleChronicleCustomLabelTypedDict]]
     r"""Custom labels to be added to every batch"""
+    udm_type: NotRequired[UDMType]
+    r"""Defines the specific format for UDM events sent to Google SecOps. This must match the type of UDM data being sent."""
     api_key: NotRequired[str]
     r"""Organization's API key in Google SecOps"""
     api_key_secret: NotRequired[str]
@@ -270,6 +279,16 @@ class OutputGoogleChronicleTypedDict(TypedDict):
     r"""Contents of service account credentials (JSON keys) file downloaded from Google Cloud. To upload a file, click the upload button at this field's upper right."""
     service_account_credentials_secret: NotRequired[str]
     r"""Select or create a stored text secret"""
+    pq_strict_ordering: NotRequired[bool]
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+    pq_rate_per_sec: NotRequired[float]
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+    pq_mode: NotRequired[OutputGoogleChronicleMode]
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+    pq_max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    pq_max_backpressure_sec: NotRequired[float]
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
     pq_max_file_size: NotRequired[str]
     r"""The maximum size to store in each queue file before closing and optionally compressing (KB, MB, etc.)"""
     pq_max_size: NotRequired[str]
@@ -280,8 +299,6 @@ class OutputGoogleChronicleTypedDict(TypedDict):
     r"""Codec to use to compress the persisted data"""
     pq_on_backpressure: NotRequired[OutputGoogleChronicleQueueFullBehavior]
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
-    pq_mode: NotRequired[OutputGoogleChronicleMode]
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
     pq_controls: NotRequired[OutputGoogleChroniclePqControlsTypedDict]
 
 
@@ -443,6 +460,12 @@ class OutputGoogleChronicle(BaseModel):
     ] = None
     r"""Custom labels to be added to every batch"""
 
+    udm_type: Annotated[
+        Annotated[Optional[UDMType], PlainValidator(validate_open_enum(False))],
+        pydantic.Field(alias="udmType"),
+    ] = UDMType.LOGS
+    r"""Defines the specific format for UDM events sent to Google SecOps. This must match the type of UDM data being sent."""
+
     api_key: Annotated[Optional[str], pydantic.Field(alias="apiKey")] = None
     r"""Organization's API key in Google SecOps"""
 
@@ -461,6 +484,35 @@ class OutputGoogleChronicle(BaseModel):
     ] = None
     r"""Select or create a stored text secret"""
 
+    pq_strict_ordering: Annotated[
+        Optional[bool], pydantic.Field(alias="pqStrictOrdering")
+    ] = True
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+
+    pq_rate_per_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqRatePerSec")
+    ] = 0
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+
+    pq_mode: Annotated[
+        Annotated[
+            Optional[OutputGoogleChronicleMode],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="pqMode"),
+    ] = OutputGoogleChronicleMode.ERROR
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    pq_max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBufferSize")
+    ] = 42
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    pq_max_backpressure_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBackpressureSec")
+    ] = 30
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
+
     pq_max_file_size: Annotated[
         Optional[str], pydantic.Field(alias="pqMaxFileSize")
     ] = "1 MB"
@@ -492,15 +544,6 @@ class OutputGoogleChronicle(BaseModel):
     ] = OutputGoogleChronicleQueueFullBehavior.BLOCK
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
-    pq_mode: Annotated[
-        Annotated[
-            Optional[OutputGoogleChronicleMode],
-            PlainValidator(validate_open_enum(False)),
-        ],
-        pydantic.Field(alias="pqMode"),
-    ] = OutputGoogleChronicleMode.ERROR
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
     pq_controls: Annotated[
         Optional[OutputGoogleChroniclePqControls], pydantic.Field(alias="pqControls")
     ] = None

cribl_control_plane/models/outputgooglecloudlogging.py

@@ -91,6 +91,17 @@ class OutputGoogleCloudLoggingBackpressureBehavior(
     QUEUE = "queue"
 
 
+class OutputGoogleCloudLoggingMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    # Error
+    ERROR = "error"
+    # Backpressure
+    ALWAYS = "always"
+    # Always On
+    BACKPRESSURE = "backpressure"
+
+
 class OutputGoogleCloudLoggingCompression(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Codec to use to compress the persisted data"""
 
@@ -111,17 +122,6 @@ class OutputGoogleCloudLoggingQueueFullBehavior(
     DROP = "drop"
 
 
-class OutputGoogleCloudLoggingMode(str, Enum, metaclass=utils.OpenEnumMeta):
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
-    # Error
-    ERROR = "error"
-    # Backpressure
-    BACKPRESSURE = "backpressure"
-    # Always On
-    ALWAYS = "always"
-
-
 class OutputGoogleCloudLoggingPqControlsTypedDict(TypedDict):
     pass
 
@@ -243,6 +243,16 @@ class OutputGoogleCloudLoggingTypedDict(TypedDict):
     description: NotRequired[str]
     payload_expression: NotRequired[str]
     r"""JavaScript expression to compute the value of the payload. Must evaluate to a JavaScript object value. If an invalid value is encountered it will result in the default value instead. Defaults to the entire event."""
+    pq_strict_ordering: NotRequired[bool]
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+    pq_rate_per_sec: NotRequired[float]
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+    pq_mode: NotRequired[OutputGoogleCloudLoggingMode]
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+    pq_max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    pq_max_backpressure_sec: NotRequired[float]
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
     pq_max_file_size: NotRequired[str]
     r"""The maximum size to store in each queue file before closing and optionally compressing (KB, MB, etc.)"""
     pq_max_size: NotRequired[str]
@@ -253,8 +263,6 @@ class OutputGoogleCloudLoggingTypedDict(TypedDict):
     r"""Codec to use to compress the persisted data"""
     pq_on_backpressure: NotRequired[OutputGoogleCloudLoggingQueueFullBehavior]
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
-    pq_mode: NotRequired[OutputGoogleCloudLoggingMode]
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
     pq_controls: NotRequired[OutputGoogleCloudLoggingPqControlsTypedDict]
 
 
@@ -533,6 +541,35 @@ class OutputGoogleCloudLogging(BaseModel):
     ] = None
     r"""JavaScript expression to compute the value of the payload. Must evaluate to a JavaScript object value. If an invalid value is encountered it will result in the default value instead. Defaults to the entire event."""
 
+    pq_strict_ordering: Annotated[
+        Optional[bool], pydantic.Field(alias="pqStrictOrdering")
+    ] = True
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+
+    pq_rate_per_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqRatePerSec")
+    ] = 0
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+
+    pq_mode: Annotated[
+        Annotated[
+            Optional[OutputGoogleCloudLoggingMode],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="pqMode"),
+    ] = OutputGoogleCloudLoggingMode.ERROR
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    pq_max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBufferSize")
+    ] = 42
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    pq_max_backpressure_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBackpressureSec")
+    ] = 30
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
+
     pq_max_file_size: Annotated[
         Optional[str], pydantic.Field(alias="pqMaxFileSize")
     ] = "1 MB"
@@ -564,15 +601,6 @@ class OutputGoogleCloudLogging(BaseModel):
     ] = OutputGoogleCloudLoggingQueueFullBehavior.BLOCK
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
-    pq_mode: Annotated[
-        Annotated[
-            Optional[OutputGoogleCloudLoggingMode],
-            PlainValidator(validate_open_enum(False)),
-        ],
-        pydantic.Field(alias="pqMode"),
-    ] = OutputGoogleCloudLoggingMode.ERROR
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
     pq_controls: Annotated[
         Optional[OutputGoogleCloudLoggingPqControls], pydantic.Field(alias="pqControls")
     ] = None

cribl_control_plane/models/outputgooglecloudstorage.py

@@ -217,6 +217,8 @@ class OutputGoogleCloudStorageTypedDict(TypedDict):
     r"""Compression level to apply before moving files to final destination"""
     automatic_schema: NotRequired[bool]
     r"""Automatically calculate the schema based on the events of each Parquet file generated"""
+    parquet_schema: NotRequired[str]
+    r"""To add a new schema, navigate to Processing > Knowledge > Parquet Schemas"""
     parquet_version: NotRequired[OutputGoogleCloudStorageParquetVersion]
     r"""Determines which data types are supported and how they are represented"""
     parquet_data_page_version: NotRequired[OutputGoogleCloudStorageDataPageVersion]
@@ -445,6 +447,11 @@ class OutputGoogleCloudStorage(BaseModel):
     ] = False
     r"""Automatically calculate the schema based on the events of each Parquet file generated"""
 
+    parquet_schema: Annotated[Optional[str], pydantic.Field(alias="parquetSchema")] = (
+        None
+    )
+    r"""To add a new schema, navigate to Processing > Knowledge > Parquet Schemas"""
+
     parquet_version: Annotated[
         Annotated[
             Optional[OutputGoogleCloudStorageParquetVersion],