cribl-control-plane 0.4.0b23__py3-none-any.whl → 0.5.0b3__py3-none-any.whl

cribl_control_plane/models/functionchain.py

@@ -1,6 +1,10 @@
 """Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
 
 from __future__ import annotations
+from .functionconfschemachain import (
+    FunctionConfSchemaChain,
+    FunctionConfSchemaChainTypedDict,
+)
 from cribl_control_plane.types import BaseModel
 from enum import Enum
 import pydantic
@@ -12,16 +16,6 @@ class FunctionChainID(str, Enum):
     CHAIN = "chain"
 
 
-class FunctionChainSchemaTypedDict(TypedDict):
-    processor: str
-    r"""The data processor (Pack/Pipeline) to send events through"""
-
-
-class FunctionChainSchema(BaseModel):
-    processor: str
-    r"""The data processor (Pack/Pipeline) to send events through"""
-
-
 class FunctionChainTypedDict(TypedDict):
     filename: str
     group: str
@@ -36,7 +30,7 @@ class FunctionChainTypedDict(TypedDict):
     disabled: NotRequired[bool]
     handle_signals: NotRequired[bool]
     sync: NotRequired[bool]
-    schema_: NotRequired[FunctionChainSchemaTypedDict]
+    schema_: NotRequired[FunctionConfSchemaChainTypedDict]
 
 
 class FunctionChain(BaseModel):
@@ -71,5 +65,5 @@ class FunctionChain(BaseModel):
     sync: Optional[bool] = None
 
     schema_: Annotated[
-        Optional[FunctionChainSchema], pydantic.Field(alias="schema")
+        Optional[FunctionConfSchemaChain], pydantic.Field(alias="schema")
     ] = None

cribl_control_plane/models/functionclone.py

@@ -1,10 +1,14 @@
 """Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
 
 from __future__ import annotations
+from .functionconfschemaclone import (
+    FunctionConfSchemaClone,
+    FunctionConfSchemaCloneTypedDict,
+)
 from cribl_control_plane.types import BaseModel
 from enum import Enum
 import pydantic
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, Optional
 from typing_extensions import Annotated, NotRequired, TypedDict
 
 
@@ -12,16 +16,6 @@ class FunctionCloneID(str, Enum):
     CLONE = "clone"
 
 
-class FunctionCloneSchemaTypedDict(TypedDict):
-    clones: NotRequired[List[Dict[str, str]]]
-    r"""Create clones with the following fields set"""
-
-
-class FunctionCloneSchema(BaseModel):
-    clones: Optional[List[Dict[str, str]]] = None
-    r"""Create clones with the following fields set"""
-
-
 class FunctionCloneTypedDict(TypedDict):
     filename: str
     group: str
@@ -36,7 +30,7 @@ class FunctionCloneTypedDict(TypedDict):
     disabled: NotRequired[bool]
     handle_signals: NotRequired[bool]
     sync: NotRequired[bool]
-    schema_: NotRequired[FunctionCloneSchemaTypedDict]
+    schema_: NotRequired[FunctionConfSchemaCloneTypedDict]
 
 
 class FunctionClone(BaseModel):
@@ -71,5 +65,5 @@ class FunctionClone(BaseModel):
     sync: Optional[bool] = None
 
     schema_: Annotated[
-        Optional[FunctionCloneSchema], pydantic.Field(alias="schema")
+        Optional[FunctionConfSchemaClone], pydantic.Field(alias="schema")
     ] = None

cribl_control_plane/models/functioncode.py

@@ -1,6 +1,10 @@
 """Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
 
 from __future__ import annotations
+from .functionconfschemacode import (
+    FunctionConfSchemaCode,
+    FunctionConfSchemaCodeTypedDict,
+)
 from cribl_control_plane.types import BaseModel
 from enum import Enum
 import pydantic
@@ -12,37 +16,6 @@ class FunctionCodeID(str, Enum):
     CODE = "code"
 
 
-class FunctionCodeSchemaTypedDict(TypedDict):
-    code: NotRequired[str]
-    r"""Caution: This Function will be evaluated in an unprotected context. This means that you will be able to execute almost any JavaScript code."""
-    max_num_of_iterations: NotRequired[float]
-    r"""The maximum number of allowed iterations within this Function. Defaults to 5,000."""
-    active_log_sample_rate: NotRequired[float]
-    r"""Rate at which this Function logs errors. For example, a value of 1 (the default) logs every error, a value of 10 logs every tenth error, and so on."""
-    use_unique_log_channel: NotRequired[bool]
-    r"""Logs from this Function will be sent to a unique channel in the form `func:code:${pipelineName}:${functionIndex}`. Disable to use the generic `func:code` log channel instead."""
-
-
-class FunctionCodeSchema(BaseModel):
-    code: Optional[str] = None
-    r"""Caution: This Function will be evaluated in an unprotected context. This means that you will be able to execute almost any JavaScript code."""
-
-    max_num_of_iterations: Annotated[
-        Optional[float], pydantic.Field(alias="maxNumOfIterations")
-    ] = 5000
-    r"""The maximum number of allowed iterations within this Function. Defaults to 5,000."""
-
-    active_log_sample_rate: Annotated[
-        Optional[float], pydantic.Field(alias="activeLogSampleRate")
-    ] = 1
-    r"""Rate at which this Function logs errors. For example, a value of 1 (the default) logs every error, a value of 10 logs every tenth error, and so on."""
-
-    use_unique_log_channel: Annotated[
-        Optional[bool], pydantic.Field(alias="useUniqueLogChannel")
-    ] = True
-    r"""Logs from this Function will be sent to a unique channel in the form `func:code:${pipelineName}:${functionIndex}`. Disable to use the generic `func:code` log channel instead."""
-
-
 class FunctionCodeTypedDict(TypedDict):
     filename: str
     group: str
@@ -57,7 +30,7 @@ class FunctionCodeTypedDict(TypedDict):
     disabled: NotRequired[bool]
     handle_signals: NotRequired[bool]
     sync: NotRequired[bool]
-    schema_: NotRequired[FunctionCodeSchemaTypedDict]
+    schema_: NotRequired[FunctionConfSchemaCodeTypedDict]
 
 
 class FunctionCode(BaseModel):
@@ -91,6 +64,6 @@ class FunctionCode(BaseModel):
 
     sync: Optional[bool] = None
 
-    schema_: Annotated[Optional[FunctionCodeSchema], pydantic.Field(alias="schema")] = (
-        None
-    )
+    schema_: Annotated[
+        Optional[FunctionConfSchemaCode], pydantic.Field(alias="schema")
+    ] = None

cribl_control_plane/models/functioncomment.py

@@ -1,6 +1,10 @@
 """Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
 
 from __future__ import annotations
+from .functionconfschemacomment import (
+    FunctionConfSchemaComment,
+    FunctionConfSchemaCommentTypedDict,
+)
 from cribl_control_plane.types import BaseModel
 from enum import Enum
 import pydantic
@@ -12,16 +16,6 @@ class FunctionCommentID(str, Enum):
     COMMENT = "comment"
 
 
-class FunctionCommentSchemaTypedDict(TypedDict):
-    comment: NotRequired[str]
-    r"""Optional, short description of this Function's purpose in the Pipeline"""
-
-
-class FunctionCommentSchema(BaseModel):
-    comment: Optional[str] = None
-    r"""Optional, short description of this Function's purpose in the Pipeline"""
-
-
 class FunctionCommentTypedDict(TypedDict):
     filename: str
     group: str
@@ -36,7 +30,7 @@ class FunctionCommentTypedDict(TypedDict):
     disabled: NotRequired[bool]
     handle_signals: NotRequired[bool]
     sync: NotRequired[bool]
-    schema_: NotRequired[FunctionCommentSchemaTypedDict]
+    schema_: NotRequired[FunctionConfSchemaCommentTypedDict]
 
 
 class FunctionComment(BaseModel):
@@ -71,5 +65,5 @@ class FunctionComment(BaseModel):
     sync: Optional[bool] = None
 
     schema_: Annotated[
-        Optional[FunctionCommentSchema], pydantic.Field(alias="schema")
+        Optional[FunctionConfSchemaComment], pydantic.Field(alias="schema")
     ] = None

cribl_control_plane/models/functionconfschemaaggregatemetrics.py

@@ -0,0 +1,153 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import models, utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic import field_serializer
+from pydantic.functional_validators import PlainValidator
+from typing import List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class FunctionConfSchemaAggregateMetricsMetricType(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
+    r"""The output metric type"""
+
+    AUTOMATIC = "automatic"
+    COUNTER = "counter"
+    DISTRIBUTION = "distribution"
+    GAUGE = "gauge"
+    HISTOGRAM = "histogram"
+    SUMMARY = "summary"
+    TIMER = "timer"
+
+
+class FunctionConfSchemaAggregateMetricsAggregationTypedDict(TypedDict):
+    agg: str
+    r"""Aggregate function to perform on events. Example: sum(bytes).where(action=='REJECT').as(TotalBytes)"""
+    metric_type: NotRequired[FunctionConfSchemaAggregateMetricsMetricType]
+    r"""The output metric type"""
+
+
+class FunctionConfSchemaAggregateMetricsAggregation(BaseModel):
+    agg: str
+    r"""Aggregate function to perform on events. Example: sum(bytes).where(action=='REJECT').as(TotalBytes)"""
+
+    metric_type: Annotated[
+        Annotated[
+            Optional[FunctionConfSchemaAggregateMetricsMetricType],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="metricType"),
+    ] = FunctionConfSchemaAggregateMetricsMetricType.AUTOMATIC
+    r"""The output metric type"""
+
+    @field_serializer("metric_type")
+    def serialize_metric_type(self, value):
+        if isinstance(value, str):
+            try:
+                return models.FunctionConfSchemaAggregateMetricsMetricType(value)
+            except ValueError:
+                return value
+        return value
+
+
+class FunctionConfSchemaAggregateMetricsAddTypedDict(TypedDict):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+    name: NotRequired[str]
+
+
+class FunctionConfSchemaAggregateMetricsAdd(BaseModel):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+    name: Optional[str] = None
+
+
+class FunctionConfSchemaAggregateMetricsTypedDict(TypedDict):
+    passthrough: NotRequired[bool]
+    r"""Pass through the original events along with the aggregation events"""
+    preserve_group_bys: NotRequired[bool]
+    r"""Preserve the structure of the original aggregation event's groupby fields"""
+    sufficient_stats_only: NotRequired[bool]
+    r"""Output only statistics that are sufficient for the supplied aggregations"""
+    prefix: NotRequired[str]
+    r"""A prefix that is prepended to all of the fields output by this Aggregations Function"""
+    time_window: NotRequired[str]
+    r"""The time span of the tumbling window for aggregating events. Must be a valid time string (such as 10s)."""
+    aggregations: NotRequired[
+        List[FunctionConfSchemaAggregateMetricsAggregationTypedDict]
+    ]
+    r"""Combination of Aggregation function and output metric type"""
+    groupbys: NotRequired[List[str]]
+    r"""Optional: One or more dimensions to group aggregates by. Supports wildcard expressions. Wrap dimension names in quotes if using literal identifiers, such as 'service.name'. Warning: Using wildcard '*' causes all dimensions in the event to be included, which can result in high cardinality and increased memory usage. Exclude dimensions that can result in high cardinality before using wildcards. Example: !_time, !_numericValue, *"""
+    flush_event_limit: NotRequired[float]
+    r"""The maximum number of events to include in any given aggregation event"""
+    flush_mem_limit: NotRequired[str]
+    r"""The memory usage limit to impose upon aggregations. Defaults to 80% of the process memory; value configured above default limit is ignored. Accepts numerals with units like KB and MB (example: 128MB)."""
+    cumulative: NotRequired[bool]
+    r"""Enable to retain aggregations for cumulative aggregations when flushing out an aggregation table event. When disabled (the default), aggregations are reset to 0 on flush."""
+    should_treat_dots_as_literals: NotRequired[bool]
+    r"""Treat dots in dimension names as literals. This is useful for top-level dimensions that contain dots, such as 'service.name'."""
+    add: NotRequired[List[FunctionConfSchemaAggregateMetricsAddTypedDict]]
+    r"""Set of key-value pairs to evaluate and add/set"""
+    flush_on_input_close: NotRequired[bool]
+    r"""Flush aggregations when an input stream is closed. If disabled, Time Window Settings control flush behavior."""
+
+
+class FunctionConfSchemaAggregateMetrics(BaseModel):
+    passthrough: Optional[bool] = False
+    r"""Pass through the original events along with the aggregation events"""
+
+    preserve_group_bys: Annotated[
+        Optional[bool], pydantic.Field(alias="preserveGroupBys")
+    ] = False
+    r"""Preserve the structure of the original aggregation event's groupby fields"""
+
+    sufficient_stats_only: Annotated[
+        Optional[bool], pydantic.Field(alias="sufficientStatsOnly")
+    ] = False
+    r"""Output only statistics that are sufficient for the supplied aggregations"""
+
+    prefix: Optional[str] = None
+    r"""A prefix that is prepended to all of the fields output by this Aggregations Function"""
+
+    time_window: Annotated[Optional[str], pydantic.Field(alias="timeWindow")] = "10s"
+    r"""The time span of the tumbling window for aggregating events. Must be a valid time string (such as 10s)."""
+
+    aggregations: Optional[List[FunctionConfSchemaAggregateMetricsAggregation]] = None
+    r"""Combination of Aggregation function and output metric type"""
+
+    groupbys: Optional[List[str]] = None
+    r"""Optional: One or more dimensions to group aggregates by. Supports wildcard expressions. Wrap dimension names in quotes if using literal identifiers, such as 'service.name'. Warning: Using wildcard '*' causes all dimensions in the event to be included, which can result in high cardinality and increased memory usage. Exclude dimensions that can result in high cardinality before using wildcards. Example: !_time, !_numericValue, *"""
+
+    flush_event_limit: Annotated[
+        Optional[float], pydantic.Field(alias="flushEventLimit")
+    ] = None
+    r"""The maximum number of events to include in any given aggregation event"""
+
+    flush_mem_limit: Annotated[Optional[str], pydantic.Field(alias="flushMemLimit")] = (
+        None
+    )
+    r"""The memory usage limit to impose upon aggregations. Defaults to 80% of the process memory; value configured above default limit is ignored. Accepts numerals with units like KB and MB (example: 128MB)."""
+
+    cumulative: Optional[bool] = False
+    r"""Enable to retain aggregations for cumulative aggregations when flushing out an aggregation table event. When disabled (the default), aggregations are reset to 0 on flush."""
+
+    should_treat_dots_as_literals: Annotated[
+        Optional[bool], pydantic.Field(alias="shouldTreatDotsAsLiterals")
+    ] = True
+    r"""Treat dots in dimension names as literals. This is useful for top-level dimensions that contain dots, such as 'service.name'."""
+
+    add: Optional[List[FunctionConfSchemaAggregateMetricsAdd]] = None
+    r"""Set of key-value pairs to evaluate and add/set"""
+
+    flush_on_input_close: Annotated[
+        Optional[bool], pydantic.Field(alias="flushOnInputClose")
+    ] = True
+    r"""Flush aggregations when an input stream is closed. If disabled, Time Window Settings control flush behavior."""

cribl_control_plane/models/functionconfschemaaggregation.py

@@ -0,0 +1,114 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane.types import BaseModel
+import pydantic
+from typing import List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class FunctionConfSchemaAggregationAddTypedDict(TypedDict):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+    name: NotRequired[str]
+
+
+class FunctionConfSchemaAggregationAdd(BaseModel):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+    name: Optional[str] = None
+
+
+class FunctionConfSchemaAggregationTypedDict(TypedDict):
+    passthrough: NotRequired[bool]
+    r"""Pass through the original events along with the aggregation events"""
+    preserve_group_bys: NotRequired[bool]
+    r"""Preserve the structure of the original aggregation event's groupby fields"""
+    sufficient_stats_only: NotRequired[bool]
+    r"""Output only statistics that are sufficient for the supplied aggregations"""
+    metrics_mode: NotRequired[bool]
+    r"""Enable to output the aggregates as metrics. When disabled, aggregates are output as events."""
+    prefix: NotRequired[str]
+    r"""A prefix that is prepended to all of the fields output by this Aggregations Function"""
+    time_window: NotRequired[str]
+    r"""The time span of the tumbling window for aggregating events. Must be a valid time string (such as 10s)."""
+    aggregations: NotRequired[List[str]]
+    r"""Aggregate function to perform on events. Example: sum(bytes).where(action=='REJECT').as(TotalBytes)"""
+    groupbys: NotRequired[List[str]]
+    r"""Optional: One or more fields to group aggregates by. Supports wildcard expressions. Warning: Using wildcard '*' causes all fields in the event to be included, which can result in high cardinality and increased memory usage. Exclude fields that can result in high cardinality before using wildcards. Example: !_time, !_numericValue, *"""
+    flush_event_limit: NotRequired[float]
+    r"""The maximum number of events to include in any given aggregation event"""
+    flush_mem_limit: NotRequired[str]
+    r"""The memory usage limit to impose upon aggregations. Defaults to 80% of the process memory; value configured above default limit is ignored. Accepts numerals with units like KB and MB (example: 128MB)."""
+    cumulative: NotRequired[bool]
+    r"""Enable to retain aggregations for cumulative aggregations when flushing out an aggregation table event. When disabled (the default), aggregations are reset to 0 on flush."""
+    search_agg_mode: NotRequired[str]
+    r"""Allows Cribl Search-specific aggregation configuration"""
+    add: NotRequired[List[FunctionConfSchemaAggregationAddTypedDict]]
+    r"""Set of key-value pairs to evaluate and add/set"""
+    should_treat_dots_as_literals: NotRequired[bool]
+    r"""Treat dots in dimension names as literals. This is useful for top-level dimensions that contain dots, such as 'service.name'."""
+    flush_on_input_close: NotRequired[bool]
+    r"""Flush aggregations when an input stream is closed. If disabled, Time Window Settings control flush behavior."""
+
+
+class FunctionConfSchemaAggregation(BaseModel):
+    passthrough: Optional[bool] = False
+    r"""Pass through the original events along with the aggregation events"""
+
+    preserve_group_bys: Annotated[
+        Optional[bool], pydantic.Field(alias="preserveGroupBys")
+    ] = False
+    r"""Preserve the structure of the original aggregation event's groupby fields"""
+
+    sufficient_stats_only: Annotated[
+        Optional[bool], pydantic.Field(alias="sufficientStatsOnly")
+    ] = False
+    r"""Output only statistics that are sufficient for the supplied aggregations"""
+
+    metrics_mode: Annotated[Optional[bool], pydantic.Field(alias="metricsMode")] = False
+    r"""Enable to output the aggregates as metrics. When disabled, aggregates are output as events."""
+
+    prefix: Optional[str] = None
+    r"""A prefix that is prepended to all of the fields output by this Aggregations Function"""
+
+    time_window: Annotated[Optional[str], pydantic.Field(alias="timeWindow")] = "10s"
+    r"""The time span of the tumbling window for aggregating events. Must be a valid time string (such as 10s)."""
+
+    aggregations: Optional[List[str]] = None
+    r"""Aggregate function to perform on events. Example: sum(bytes).where(action=='REJECT').as(TotalBytes)"""
+
+    groupbys: Optional[List[str]] = None
+    r"""Optional: One or more fields to group aggregates by. Supports wildcard expressions. Warning: Using wildcard '*' causes all fields in the event to be included, which can result in high cardinality and increased memory usage. Exclude fields that can result in high cardinality before using wildcards. Example: !_time, !_numericValue, *"""
+
+    flush_event_limit: Annotated[
+        Optional[float], pydantic.Field(alias="flushEventLimit")
+    ] = None
+    r"""The maximum number of events to include in any given aggregation event"""
+
+    flush_mem_limit: Annotated[Optional[str], pydantic.Field(alias="flushMemLimit")] = (
+        None
+    )
+    r"""The memory usage limit to impose upon aggregations. Defaults to 80% of the process memory; value configured above default limit is ignored. Accepts numerals with units like KB and MB (example: 128MB)."""
+
+    cumulative: Optional[bool] = False
+    r"""Enable to retain aggregations for cumulative aggregations when flushing out an aggregation table event. When disabled (the default), aggregations are reset to 0 on flush."""
+
+    search_agg_mode: Annotated[Optional[str], pydantic.Field(alias="searchAggMode")] = (
+        None
+    )
+    r"""Allows Cribl Search-specific aggregation configuration"""
+
+    add: Optional[List[FunctionConfSchemaAggregationAdd]] = None
+    r"""Set of key-value pairs to evaluate and add/set"""
+
+    should_treat_dots_as_literals: Annotated[
+        Optional[bool], pydantic.Field(alias="shouldTreatDotsAsLiterals")
+    ] = False
+    r"""Treat dots in dimension names as literals. This is useful for top-level dimensions that contain dots, such as 'service.name'."""
+
+    flush_on_input_close: Annotated[
+        Optional[bool], pydantic.Field(alias="flushOnInputClose")
+    ] = True
+    r"""Flush aggregations when an input stream is closed. If disabled, Time Window Settings control flush behavior."""

cribl_control_plane/models/functionconfschemaautotimestamp.py

@@ -0,0 +1,116 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import models, utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic import field_serializer
+from pydantic.functional_validators import PlainValidator
+from typing import List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class DefaultTime(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""How to set the time field if no timestamp is found"""
+
+    # Current Time
+    NOW = "now"
+    # Last Event's Time
+    LAST = "last"
+    # None
+    NONE = "none"
+
+
+class TimestampTypedDict(TypedDict):
+    regex: str
+    r"""Regex with first capturing group matching the timestamp"""
+    strptime: str
+    r"""Select or enter strptime format for the captured timestamp"""
+
+
+class Timestamp(BaseModel):
+    regex: str
+    r"""Regex with first capturing group matching the timestamp"""
+
+    strptime: str
+    r"""Select or enter strptime format for the captured timestamp"""
+
+
+class FunctionConfSchemaAutoTimestampTypedDict(TypedDict):
+    src_field: NotRequired[str]
+    r"""Field to search for a timestamp"""
+    dst_field: NotRequired[str]
+    r"""Field to place timestamp in"""
+    default_timezone: NotRequired[str]
+    r"""Timezone to assign to timestamps without timezone info"""
+    time_expression: NotRequired[str]
+    r"""Expression to use to format time. Current time, as a JavaScript Date object, is in global `time`. You can access other fields' values via __e.<fieldName>."""
+    offset: NotRequired[float]
+    r"""The offset into the string from which to look for a timestamp"""
+    max_len: NotRequired[float]
+    r"""Maximum string length at which to look for a timestamp"""
+    default_time: NotRequired[DefaultTime]
+    r"""How to set the time field if no timestamp is found"""
+    latest_date_allowed: NotRequired[str]
+    r"""The latest timestamp value allowed relative to now, such as +42days. Parsed values after this date will be set to the Default time."""
+    spacer: NotRequired[str]
+    earliest_date_allowed: NotRequired[str]
+    r"""The earliest timestamp value allowed relative to now, such as -42years. Parsed values prior to this date will be set to the Default time."""
+    timestamps: NotRequired[List[TimestampTypedDict]]
+    r"""Add regex/strptime pairs to extract additional timestamp formats"""
+
+
+class FunctionConfSchemaAutoTimestamp(BaseModel):
+    src_field: Annotated[Optional[str], pydantic.Field(alias="srcField")] = "_raw"
+    r"""Field to search for a timestamp"""
+
+    dst_field: Annotated[Optional[str], pydantic.Field(alias="dstField")] = "_time"
+    r"""Field to place timestamp in"""
+
+    default_timezone: Annotated[
+        Optional[str], pydantic.Field(alias="defaultTimezone")
+    ] = "local"
+    r"""Timezone to assign to timestamps without timezone info"""
+
+    time_expression: Annotated[
+        Optional[str], pydantic.Field(alias="timeExpression")
+    ] = "time.getTime() / 1000"
+    r"""Expression to use to format time. Current time, as a JavaScript Date object, is in global `time`. You can access other fields' values via __e.<fieldName>."""
+
+    offset: Optional[float] = 0
+    r"""The offset into the string from which to look for a timestamp"""
+
+    max_len: Annotated[Optional[float], pydantic.Field(alias="maxLen")] = 150
+    r"""Maximum string length at which to look for a timestamp"""
+
+    default_time: Annotated[
+        Annotated[Optional[DefaultTime], PlainValidator(validate_open_enum(False))],
+        pydantic.Field(alias="defaultTime"),
+    ] = DefaultTime.NOW
+    r"""How to set the time field if no timestamp is found"""
+
+    latest_date_allowed: Annotated[
+        Optional[str], pydantic.Field(alias="latestDateAllowed")
+    ] = "+1week"
+    r"""The latest timestamp value allowed relative to now, such as +42days. Parsed values after this date will be set to the Default time."""
+
+    spacer: Optional[str] = None
+
+    earliest_date_allowed: Annotated[
+        Optional[str], pydantic.Field(alias="earliestDateAllowed")
+    ] = "-420weeks"
+    r"""The earliest timestamp value allowed relative to now, such as -42years. Parsed values prior to this date will be set to the Default time."""
+
+    timestamps: Optional[List[Timestamp]] = None
+    r"""Add regex/strptime pairs to extract additional timestamp formats"""
+
+    @field_serializer("default_time")
+    def serialize_default_time(self, value):
+        if isinstance(value, str):
+            try:
+                return models.DefaultTime(value)
+            except ValueError:
+                return value
+        return value

cribl_control_plane/models/functionconfschemacef.py

@@ -0,0 +1,83 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane.types import BaseModel
+import pydantic
+from typing import List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class HeaderTypedDict(TypedDict):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+    name: NotRequired[str]
+
+
+class Header(BaseModel):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+    name: Optional[str] = None
+
+
+class ExtensionTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+
+class Extension(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+
+class FunctionConfSchemaCefTypedDict(TypedDict):
+    output_field: NotRequired[str]
+    r"""The field to which the CEF formatted event will be output"""
+    header: NotRequired[List[HeaderTypedDict]]
+    r"""Set of header key/value pairs"""
+    extension: NotRequired[List[ExtensionTypedDict]]
+    r"""Set of extension key-value pairs"""
+
+
+class FunctionConfSchemaCef(BaseModel):
+    output_field: Annotated[Optional[str], pydantic.Field(alias="outputField")] = "_raw"
+    r"""The field to which the CEF formatted event will be output"""
+
+    header: Optional[List[Header]] = None
+    r"""Set of header key/value pairs"""
+
+    extension: Optional[List[Extension]] = None
+    r"""Set of extension key-value pairs"""
+
+
+class HeaderInputTypedDict(TypedDict):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+
+class HeaderInput(BaseModel):
+    value: str
+    r"""JavaScript expression to compute the value (can be constant)"""
+
+
+class FunctionConfSchemaCefInputTypedDict(TypedDict):
+    output_field: NotRequired[str]
+    r"""The field to which the CEF formatted event will be output"""
+    header: NotRequired[List[HeaderInputTypedDict]]
+    r"""Set of header key/value pairs"""
+    extension: NotRequired[List[ExtensionTypedDict]]
+    r"""Set of extension key-value pairs"""
+
+
+class FunctionConfSchemaCefInput(BaseModel):
+    output_field: Annotated[Optional[str], pydantic.Field(alias="outputField")] = "_raw"
+    r"""The field to which the CEF formatted event will be output"""
+
+    header: Optional[List[HeaderInput]] = None
+    r"""Set of header key/value pairs"""
+
+    extension: Optional[List[Extension]] = None
+    r"""Set of extension key-value pairs"""