The LogicMonitor Edwin AI Python SDK Integration enables ingestion of third-party event data into the Edwin AI system through a REST-based Event Receiver Service endpoint. The Edwin AI SDK normalizes incoming event data for ingestion, deduplication, correlation, and routing. Once ingested, events are displayed in Edwin AI for analysis, visualization, and automated alerting. Events must be formatted using the Edwin AI Common Event Format (CEF), which ensures consistent alert data across diverse tools and sources. For more information on mapping structure and functionality, see Edwin AI Integration YAML File.

Using the Edwin AI Python SDK instead of direct REST API integration offers several built-in advantages. These include secure management of authentication, automated field mapping through YAML configuration, built-in payload validation and schema conformity, and reliable default handling of missing or invalid metadata.

Installing and configuring the Edwin AI Python SDK integration involves the following:

  1. Mapping event fields using a YAML configuration file
  2. Structuring event payloads in the Edwin AI CEF
  3. Validating payloads against the defined schema
  4. Sending events to Edwin AI using an SDK client

Event Field Definitions for Edwin AI Python SDK

The SDK includes the following default behavior to support seamless ingestion, even when optional metadata is missing:

  • If the eventTime field is not provided, the SDK uses the current system timestamp (in milliseconds).
  • If the eventID field is not provided, the SDK generates a unique UUID at runtime. To enable deduplication or idempotent event processing, provide your own eventID.
  • If a field is mapped but cannot be found in the payload, the SDK checks the following:
    • The default values defined in the YAML.
    • The SDK internal fallback values (for example: UNKNOWN, 1).

The following table describes each field supported by Edwin AI Python SDK:

| Field Name | Description | Example | Required |
|---|---|---|---|
| eventTime | Epoch in ms. Uses current time if not provided | 1659907320000 | No |
| eventSource | The source system generating the event | Crowdstrike | Yes |
| eventSeverity | Severity as number (0–5) or string | critical or 4 | Yes |
| eventObject | The monitored resource the event applies to | aws-rds-prod01 | Yes |
| eventID | Unique event ID. UUID is generated if omitted | abc-1234 | No |
| eventDomain | Event domain category | vulnerability | Yes |
| eventCi | External CI identifier. Optional override | device-5678 | No |

Requirements for Installing and Configuring the Edwin AI Python SDK Integration

To use Edwin AI Python SDK, ensure the following:

  • Installed Python 3.9 or later
  • Downloaded and extracted the Edwin AI SDK zip package
    To obtain the zip package, contact your Edwin AI customer support manager (CSM). 
  • mapping.yaml configuration file
    For more information on configuring the mapping YAML file, see Edwin AI Integration YAML File.
  • Outbound HTTPS access to public ingestion endpoints
  • LogicMonitor API token with “Manage” and “Push events” permissions
    For more information, see Adding an API Token.
  • Payloads in valid JSON or CEF format

Installing and Configuring Edwin AI Python SDK Integration

  1. In the Python SDK, navigate to your extracted SDK directory and run the following command:
    pip install -r requirements.txt

    If a requirements.txt file is not included, install manually using the following command:
    pip install pyyaml jsonpath-ng
  2. Ensure your mapping.yaml file is saved in your project directory. For more information, see Edwin AI Integration YAML File.
  3. (Optional) Define the field mapping directly in the code. For example:
    from edwin_sdk import Mapping

    # Each field takes a list of JSONPath expressions to try against the payload
    mapping = Mapping.new_from_param(
        eventCI=["$.ci_name"],
        eventSeverity=["$.priority"]
    )

    Recommendation: Use this option if file system access is restricted.

  4. To create an integration script to process and transform payloads, create a new script file named main.py in the same directory and add the following code to transform and print a sample payload:
    from edwin_sdk import Mapping, CommonEventBuilder
     
    # Load mapping from YAML
    mapping = Mapping.from_file("mapping.yaml")
    builder = CommonEventBuilder(mapping)
     
    # Example payload
    payloads = [{
        "configuration": {
            "item": {"name": "switch01"}
        },
        "event": {"severity": "critical"}
    }]
     
    # Transform and print result
    result = builder.build_payloads(payloads)
    print(result)
  5. Run the script using the following command:
    python main.py
  6. To verify the output, ensure that required fields such as eventTime, eventID, eventSource, and eventSeverity are present.

    Note: The SDK applies fallback logic in the following order:
      1. Uses the first successful value from the mappings section.
      2. Falls back to the value defined in defaults.
      3. If no value is found, it applies SDK-level fallbacks (for example, UNKNOWN, 1).

    If you continue to have mapping issues, do the following:
    • Ensure the payload structure matches the JSONPath in the mappings.
    • Use the transforms block to convert string severity values to integers.
    • Print result or use a debugger to inspect the transformed output. 
    • If no value is resolved, check for typos or missing keys in the mapping. 
  7. Integrate the SDK into your broader solution. 

    Note: To access a usage example of the SDK, contact your Edwin AI administrator.

The SDK does not poll data; you must implement your own polling mechanism. Use this logic to retrieve events from the source system, apply SDK transformations, and forward the transformed payloads to Edwin AI using a REST API or connector.
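
The output check in step 6 can be automated before events are forwarded. The following is an added example, not part of the SDK or of the original page. It assumes the transformed result is a list of dicts keyed by the field names in the table above, and the names check_event, check_events, and SAMPLE are hypothetical.

```python
# Required fields per the table on this page; the SDK fills the other two itself.
REQUIRED = ("eventSource", "eventSeverity", "eventObject", "eventDomain")
SDK_FILLED = ("eventTime", "eventID")
# SDK-level fallback named on the page. The other fallback, 1, is also a valid
# severity, so it cannot be told apart from a real value here.
FALLBACK_MARKER = "UNKNOWN"

def check_event(event):
    """Return a list of problems for one built event (empty list means OK)."""
    problems = []
    for field in REQUIRED + SDK_FILLED:
        if event.get(field) in (None, ""):
            problems.append(f"{field}: missing")
        elif event[field] == FALLBACK_MARKER:
            problems.append(f"{field}: SDK fallback, mapping and defaults did not resolve")
    sev = event.get("eventSeverity")
    if isinstance(sev, int) and not isinstance(sev, bool) and not 0 <= sev <= 5:
        problems.append("eventSeverity: number outside 0-5")
    ts = event.get("eventTime")
    if ts is not None:
        if not isinstance(ts, int) or isinstance(ts, bool):
            problems.append("eventTime: not an integer epoch")
        elif ts < 10**12:  # 10**12 ms is in 2001; smaller values are usually seconds
            problems.append("eventTime: looks like seconds, expected milliseconds")
    return problems

def check_events(events):
    """Map batch index -> problems, also flagging eventID reuse within the batch."""
    report, seen = {}, set()
    for i, event in enumerate(events):
        problems = check_event(event)
        eid = event.get("eventID")
        if eid is not None and eid in seen:
            problems.append("eventID: duplicate within batch")
        seen.add(eid)
        if problems:
            report[i] = problems
    return report

# Constructed sample: first event uses the table's example values, second is broken.
SAMPLE = [
    {"eventTime": 1659907320000, "eventSource": "Crowdstrike", "eventSeverity": 4,
     "eventObject": "aws-rds-prod01", "eventID": "abc-1234", "eventDomain": "vulnerability"},
    {"eventTime": 1659907320, "eventSource": "UNKNOWN", "eventSeverity": 9,
     "eventObject": "switch01", "eventID": "abc-1234", "eventDomain": "vulnerability"},
]

print(check_events(SAMPLE))
```

An event whose eventSource resolves to UNKNOWN is still ingested, so flagging it at this stage keeps unattributed alerts out of correlation and routing.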