The chaossearch_view resource creates or updates a Refinery view to search the indexed data from one or more object groups. You can use the view for analytics queries, searches, and visualizations.

When creating views and specifying values for fields, it can be helpful to review the information for creating views in the UI as well as for creating views using the ChaosSearch API.

Example Usage

The structure of the resource follows:

resource "chaossearch_view" "view" {
  bucket = "tf-provider-view" 
  case_insensitive = false 
  index_pattern = ".*" 
  index_retention = -1 
  overwrite = true 
  sources = ["tf-provider"] 
  time_field_name = "timestamp" 
  filter {
    predicate {
      type = "chaossumo.query.NIRFrontend.Request.Predicate.Negate" 
      pred = {
        type = "chaossumo.query.NIRFrontend.Request.Predicate.TextMatch" 
        field = "STATUS" 
        query = "*F*" 
        state { 
          type = "chaossumo.query.QEP.Predicate.TextMatchState.Exact"
        }
      }
    }
  }
  transforms = [
    jsonencode( 
      {
        "_type": "PartitionKeyTransform" 
        "keyPart": 0 
        "inputField": "cs_partition_key_0" 
      }
    ),
    jsonencode(
      { 
        "_type": "PartitionKeyTransform"
        "keyPart": 1 
        "inputField": "cs_partition_key_1"
      }
  ]
}

Argument Reference

Field					Required	Description
`bucket`					Yes	The name of the view to create or update
`case_insensitive`					No	Indicates whether the view requires case-sensitive input for fields and values, or whether case-insensitive querying is supported. The default is `false`, which means that input values are case-sensitive (e.g., acme will not match Acme). For best query performance, use case-sensitive views.
`index_pattern`					No	A regex pattern that limits searches to specific daily interval files for the object group(s) associated with the view. The default is to search all associated daily intervals. Specify a pattern to search specific daily intervals such as those for specific numbered days of the month, and so forth.
`index_retention`					No	A window that specifies a previous number of days of daily intervals that the view can query. A value of 7 allows the view to search only the last 7 days of daily intervals, even if there is more/older indexed data for the object groups in the view. A value of -1 allows the view to query against all associated daily intervals.
`overwrite`					No	If the view already exists, this is a boolean value to specify whether Terraform can update the existing view (`yes`), or if a view update should fail when the view name already exists (`no`).
`sources`					Yes	A list of one or more object groups (and their indexed data) that the view can search
`time_field_name`					Yes	A timeval data type column within the indexed data of the associated sources to use as a timestamp (such as for a Kibana/OpenSearch histogram)
`filter`					No	A container for one or more filter predicates
	`predicate`				No	A filter predicate rule container
		`type`			No	A value that indicates the relationship of the specified preds or pred values to each other, or how to use the query value for the analysis. Valid values are: And: `chaossumo.query.NIRFrontend.Request.Predicate.AND` Or: `chaossumo.query.NIRFrontend.Request.Predicate.Or` Negate (not, or not including): `chaossumo.query.NIRFrontend.Request.Predicate.Negate` TextMatch: `chaossumo.query.NIRFrontend.Request.Predicate.TextMatch` Range: `chaossumo.query.NIRFrontend.Request.Predicate.Range` Exists: `chaossumo.query.NIRFrontend.Request.Predicate.Exists` "And" and "Or" types are primarily used when there are multiple preds specified. NOTE:* If "And" or "Or" are used with a single pred, the API returns a JSON Parse error.
		`pred`			No	A container for only one filter preciate
		`preds`			No	A container for several filter predicates Takes in an array of JSON fields and settings. Follows the same structure as `pred`, but also supports nested `preds`.
			`type`		No	One of the predicate `type` values above.
			`field`		No	The name of a column (which usually has a one-to-one map to fields in a view) in the indexed data to query; could be a virtually transformed field from the view definition
			`query`		No	A value for the filter query
			`state`			A container for a filtering instruction
				`type`	No	A more-refined filtering instruction for the specific field, like one of the `TextExact`, `Match`, `Exists`, `Negate`, or `Range`
`transforms`					No	An array of transformations that can be applied to columns in the indexed data to create virtual transformations (virtual columns) that can be displayed by the view.
	`jsonencode`				No	A container of one or more arrays of JSON instructions to transform an input column with the specified transformation type and pattern
	`_type`				No	A type of transformation: `PartitionKeyTransform` specifies a column (usually `cs_partition_key_x`) that can restrict the view to a specific set of isolated records for a specific customer or business unit (however the data is isolated). `IPFieldTransform` transforms the specified string `inputField` containing an IP value to be treated as an IP address. `MaterializeRegexTransform` applies a regular expression to the `inputField` to transform it using a regex pattern to one or more new, virtual `outputFields`. `GeoPointFieldTransform` transforms the specified `inputField` containing geographical information into Geopoint data to be analyzed as map data. `VerticalArrayTransform` (only for views on JSON files indexed using the horizontal flattening option) specifies a list of one or more horizontally stored columns that can be queried as virtual, vertically expanded, values. `MaterializeJSONTransform` for JSON views, applies a JSONPath expression to the `inputField` to transform it to one or more new, virtual, outputFields. `NestedFieldTransform` specifies that a JSON string column can support searches that use Elastic nested path expressions to query for values in a Search Analytics > Discover filter or in Elastic API search calls.
	`inputField`				No	The column name on which to apply the specified transform type
	`keyPart`				No	For `PartitionKeyTransform`, the partition ID of the data to associate with a `cs_partition_key_x` column
`	`pattern`				No	For a `MaterializeRegexTransform`, a regular expression with capture groups to extract the values from the `inputField` on which to apply the transformation
	`paths`				No	For a `MaterializeJSONTransform`, a JSONPath expression to extract the values from the `inputField` on which to apply the transformation
	`outputFields`				No	For a `MaterializeRegexTransform`, an array of columns and their data type that to materialize from the `inputField` via the regex pattern
	`format`				No	For a `GeoPointFieldTransform`, the float field to treat as longitude or latitude information
	`vertical`				No	For a `VerticalArrayTransform` of JSON data that has been stored with horizontal flattening, a list of one or more nested JSON arrays to expand virtually in a vertical manner within the view for more granular filtering. For example:\ `"vertical":[ "array_name", "array_name2", ...]\`