LOGSOURCE: Log Source
An external system authorised to ingest log events into DemandFlow's SIEM. Each LOGSOURCE owns one ingest API key, has its own rate limit and lifecycle, and acts as the parent for the LOG events it produces.
Default definition. This article describes the default LOGSOURCE definition shipped with DemandFlow. Administrators can add, remove, rename, or re-type fields, change which ones are required, and alter the layout from the Definitions screen in Settings. Your tenant's current schema may differ from what is shown here. To read the current definition at any time, GET the DEFINITION object whose id matches LOGSOURCE.
Entity properties
| Property | Value |
|---|---|
| Entity code | LOGSOURCE |
| Display name | Log Source |
| Plural | Log Sources |
| Level | 9100 |
Use cases
LOGSOURCE is the user-facing registry of systems sending logs to DemandFlow. It is admin-only because it controls machine credentials. The General panel captures the human display name (sourceName, editable) and an immutable slug (sourceId, set once when the first ingest key is generated and used in the comboKey of every LOG record this source produces).
Fields
Source Information
| Field | Type | Required | Notes |
|---|---|---|---|
| name | text | Yes | Human-readable display label. Can be edited at any time without affecting historical events. |
| sourceId | text | | Immutable slug stamped onto every event. Generated automatically when the first ingest key is created. Renaming the source does NOT change this value. Read only. |
| sourceType | enum | Yes | Format of incoming events. More types (CEF, syslog, Apache, etc.) will be added in future phases. Valid ids: generic-json (Generic JSON). |
| active | enum | | Soft-disable a source without deleting historical events. Inactive sources reject all incoming events with 403. Valid ids: 1 (Yes), 0 (No). |
| rateLimit | number | | Maximum events per second this source may submit. Excess returns 429. |
| heartbeatIntervalMinutes | number | | How often this source is expected to send at least one event. If no events arrive within this window, the source is flagged as Silent on the Source Health dashboard. 0 disables heartbeat monitoring. |
| platform | reference → NWPLATINST | | Optional. Associate this source with a platform instance so log events, source health and alert rules can be grouped and scoped by the platform they belong to. |
| description | text (multi-line) | | Description |
Status
| Field | Type | Required | Notes |
|---|---|---|---|
| created | timestamp | | Created. Read only. |
| lastUsedAt | timestamp | | Updated fire-and-forget by the ingest Lambda. May lag real activity by up to a minute. Read only. |
| keyHashPrefix | text | | First 8 characters of the SHA-256 hash of the active key. Lets admins identify which key is in use without exposing it. Read only. |
| keyGeneratedAt | timestamp | | Key Generated. Read only. |
| keyGeneratedBy | reference → user | | Key Generated By. Read only. |
How to send events
| Field | Type | Required | Notes |
|---|---|---|---|
| ingestEndpointUrl | text (URL) | | POST your NDJSON batches to this URL with header X-DF-Source-Key set to your ingest key. Max 500 events per request, max 1 MB body. Read only. |
| ingestExample | text (multi-line) | | Copy-paste example for testing. The {KEY} placeholder is replaced with your active key only when shown to an admin who has just generated it. Read only. |
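
A sender that honours the limits described in the notes above (500 events and 1 MB per request, 429 on excess rate, 403 for an inactive source), added here as an example and not DemandFlow's own client code. The function names, the `post` transport callable, the backoff policy, and reading "1 MB" as 10^6 bytes are assumptions.

```python
import json
import time

MAX_EVENTS = 500            # per-request event cap from the field notes
MAX_BODY_BYTES = 1_000_000  # assumption: "1 MB" read conservatively as 10^6 bytes

def ndjson_batches(events, max_events=MAX_EVENTS, max_bytes=MAX_BODY_BYTES):
    """Yield NDJSON bodies (bytes), each within both ingest limits."""
    lines, size = [], 0
    for event in events:
        line = json.dumps(event, separators=(",", ":")).encode("utf-8") + b"\n"
        if len(line) > max_bytes:
            raise ValueError("single event exceeds the request body limit")
        if lines and (len(lines) >= max_events or size + len(line) > max_bytes):
            yield b"".join(lines)
            lines, size = [], 0
        lines.append(line)
        size += len(line)
    if lines:
        yield b"".join(lines)

def send_all(events, source_key, post, sleep=time.sleep, max_retries=5):
    """Send every batch through post(body, headers) -> HTTP status.

    `post` is a hypothetical transport callable supplied by the caller, so the
    key is only ever placed in the X-DF-Source-Key header. Returns batches accepted.
    """
    headers = {"X-DF-Source-Key": source_key}
    accepted = 0
    for body in ndjson_batches(events):
        for attempt in range(max_retries + 1):
            status = post(body, headers)
            if 200 <= status < 300:
                accepted += 1
                break
            if status == 403:  # source is inactive: retrying cannot succeed
                raise PermissionError("ingest rejected with 403 (source inactive)")
            if status == 429 and attempt < max_retries:
                sleep(min(2 ** attempt, 30))  # over rateLimit: capped backoff (assumed policy)
                continue
            raise RuntimeError(f"ingest failed with HTTP {status}")
    return accepted
```

Pass a `post` that wraps your HTTP client against the source's ingestEndpointUrl; keep the key out of logs and exception messages.
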
Activity. Activity timeline panel attached.
Relationships
- Lookups: platform points at a NWPLATINST record.
- Related lists: LOG (format SUB|LOGSOURCE|LOG).
Creating a Log Source via the API
POST /v1/objects
Authorization: Bearer <your-pat>
Content-Type: application/json

{
  "entity": "LOGSOURCE",
  "level": 9100,
  "comboKey": "SUB:<your-sub-id>|ENT:",
  "name": "Example",
  "sourceType": "generic-json",
  "sourceId": "Example",
  "active": "1"
}
Listing Log Sources records
# All log sources in your tenant
GET /v1/entities/LOGSOURCE/SUB