?

1 to N

Overview

Received data from a single source such as a log and split the records into an array of entries.

In this example, syslog from the Cisco ASA 302013 firewall which is in a string format is normalized into a standardized JSON format.

A Service (equvalent to a function in programming) will be used for this example.

Example Configuration

Learn how to use

Tutorial

Supporting Concepts

Basic concepts needed for the use case

Topic	Description
API	An API in API AutoFlow is simply an OpenAPI model
Server	A server accepts and handles the request and response.
Simulation	Data simulation is a mock data simulated for the purpose of visualizing the data in every step of the workflow. Simulated data is NOT the real data but a sample data you create. To use real data, use the Transaction feature to capture the data you send from Postman or CURL.
Scope	A scope is a namespace for variables.
Data Types	Data types describe the different types or kinds of data that you are gonna store and work with.

Use case specific concepts

Topic	Description
Action string/split-by-newline	This Action returns array that splits a given string based on a newline.
Action iteration/map	Iterate over array of data mapping result to each array position.
Action string/split-by	This Action returns array that divides a string into parts based on a pattern.

Detail

The service has a single input:

• syslog: a string that has multiple lines of record.

%ASA-6-302013: TCP connection 933 OUTSIDE:172.217.169.68
%ASA-6-302013: TCP connection 935 OUTSIDE:23.40.43.75

The goal of the operation is to extract the IP address and port number from each record (each line).

The return should be an array of objects like:

[
  {
    "ip": "172.217.169.68",
    "port": "933 "
  },
  {
    "ip": "23.40.43.75",
    "port": "935 "
  }
]

Content

INPUT: HTTP Request

1: Create an API endpoint

Required Concepts

Learn how to create an API.

Create an API

From the left navigation, go to the API section and create a new API.

• ID: sample-data-transformation

Create an API Path

• Path: /1-to-n
• Method: POST

2. Create a Server Operation

Required Concepts

Learn how to create a Server.

Create a Server

From the left navigation, go to the Server section and create a new Server.

• Server ID: sample-data-transformation
• Port Number: 1114 Feel free to select your own port number
• Linked API: sample-data-transformation (select the API you created above)

Create a Server Operation

• Press the "Add API Operation"
• Select the API endpoint created above

3 : Create Data Simulation using Real Data

Required Concepts

Learn how to create a Simulation.

We will use the "real data" to create the test simulation.

1. Send a HTTP request from Postman or cURL

API Autoflow Postman Collections

cURL

curl --location 'localhost:1114/1-to-n' \
--header 'Content-Type: application/json' \
--data '{
  "data": "%ASA-6-302013: TCP connection 933 OUTSIDE:172.217.169.68\n%ASA-6-302013: TCP connection 935 OUTSIDE:23.40.43.75"
}'

2. Check the data is received by the server endpoint

API Autoflow captures the data received and it can be used to create data simulation.

Action(s)

Required Concepts

Learn how to create a Actions.

Add actions to transform the data.

1. Configure string/split-by-newline action

The first big cut you are going to make is isolating the table. We can use String/split-by action to split with the table header PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND.

String Split By New Line

Required Concepts

Learn how to create a string/split-by-newline .

SETTINGS

string: data

[input: syslog]

OUTPUT

variables: output

2 : Iteration over each line and extract the values

Iteration Map

Required Concepts

Learn how to create a iteration/map .

SETTINGS

ITERATION: data

[variables: output]

SCOPE: string

loop-var

note

You can not access iteration scope loop-var outside the iteration.

String Split By

Required Concepts

Learn how to use string/split-by actions.

Similar to how the earlier string/split-by-newline action to split the string on a new line;

%ASA-6-302013: TCP connection 933 OUTSIDE:172.217.169.68

An action string/split-by will be used to further split the string based on patterns to isolate the values.

SETTINGS

string: data

[loop-var: value]

patterns: array

string OUTSIDE:
string connection

OUTPUT

variables: output

Return

SETTINGS

ip: data

[variables: output > 2]

connection: data

[variables: output > 1]

OUTPUT

variables: output

ITERATION OUTPUT

variables: output

OUTPUT: HTTP Response

1. Create a NEW object and map the IP and Subnet

Both the action's output and HTTP response body are set to variables: output. There's no change that needs to be made.

HTTP Response

SETTINGS

body: data

[variables: output]

Mapping the action output to the HTTP response output

• Data referenced in HTTP response is what gets sent back to the client.
• Map the output from the actions to be sent back.

NOTE: By default, the action output is set to variable output. If you intend to keep each action's output without it being overwritten by the next action, simply rename the output location in the action's output.

2. Test the API with Postman or CURL

cURL

curl --location 'localhost:1114/1-to-n' \
--header 'Content-Type: application/json' \
--data '{
  "data": "%ASA-6-302013: TCP connection 933 OUTSIDE:172.217.169.68\n%ASA-6-302013: TCP connection 935 OUTSIDE:23.40.43.75"
}'

---

Helpful?