Adding a context table

To add a context table:

1. In the KUMA web interface, select the Resources section.
2. In the Resources section, click Context tables.
3. In the Context tables window, click Create new.

   This opens the Create context table window.

4. In the Name field, enter a name for the context table.
5. In the Tenant drop-down list, select the tenant that owns the resource.
6. In the TTL field, specify time the record added to the context table is stored in it.

   When the specified time expires, the record is deleted. The time is specified in seconds. The maximum value is 31536000 (1 year).

   The default value is 0. If the value of the field is 0, the record is stored indefinitely.

7. In the Tags drop-down list, select the tags for the context table that you are creating.

   The list includes all available tags created in the tenant of the resource and in the Shared tenant. You can find a tag in the list by typing its name in the field. If the tag you entered does not exist, you can press Enter or click Add to create it.

8. In the Description field, provide any additional information.

   You can use up to 4,000 Unicode characters.

   This field is optional.

9. On the Schema tab, specify which fields the context table has and the data types of the fields.

   Depending on the data type, a field may or may not be a key field. At least one field of the table must be a key field. All field names must be unique.

   To add a table row, click Add and fill in the table fields:

   1. In the Name field, enter the name of the field. The maximum length is 128 characters.
   2. In the Type drop-down list, select the data type for the field.

      Possible field data types

      Possible data types of context table fields

      Field data type	Can be a key field	Comment
      Integer	Yes
      Floating point number	Yes
      String	Yes
      Boolean	Yes
      Timestamp	Yes	For a field of this type, it is checked that the field value is greater than or equal to zero. No other operations are provided.
      IP address	Yes	For a field of this type, it is checked that the field value corresponds to the IPv4, IPv6 format. No other operations are provided.
      Integer list	No
      Float list	No
      List of strings	No
      Boolean list	No
      Timestamp list	No	For a field of this type, it is checked that each item in the list is greater than or equal to zero. No other operations are provided.
      IP list	No	For a field of this type, it is checked that each item of the list corresponds to the IPv4, IPv6 format. No other operations are provided.

   3. If you want to make a field a key field, select the Key field check box.

      A table can have multiple key fields. Key fields are chosen when the context table is created, uniquely identify a table entry and cannot be changed.

      If a context table has multiple key fields, each table entry is uniquely identified by multiple fields (composite key).

10. Add the required number of context table rows.

    After the context table is saved, changing the number of rows is not possible.

11. Click the Create button.

The context table is added.

After adding the context table, link it to a correlation rule in the correlation rule settings in the Context tables update section. Then link this correlation rule to a correlator.

After linking the correlation rule to a correlator, the Correlator field and the Content section appear in the context table settings, in which you can manage the contents of the context table.

Page top