更新时间:2026-02-05 GMT+08:00

获取检索数据 - ListSearchLogs

功能介绍

获取检索数据

调用方法

请参见如何调用API

授权信息

账号具备所有API的调用权限,如果使用账号下的IAM用户调用当前API,该IAM用户需具备调用API所需的权限,具体权限要求请参见权限和授权项

URI

POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/logs

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

参数解释:

项目ID,用于明确项目归属,配置后可通过该ID查询项目下资产,可以通过调用API获取,也可以从控制台获取。获取项目ID

约束限制:

不涉及

取值范围:

不涉及

默认取值:

不涉及

workspace_id

String

工作空间ID

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

参数解释:

用户Token,通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)。获取用户Token

约束限制:

不涉及

取值范围:

不涉及

默认取值:

不涉及

表3 请求Body参数

参数

是否必选

参数类型

描述

dataspace_id

String

数据空间ID

from

Long

查询开始时间点

limit

Integer

查询返回的原始日志条数,最大值为500

offset

Integer

查询偏移值

pipe_id

String

数据管道ID

query

String

查询语句

sort

String

按时间排序返回的顺序;可选值:asc(升序)、desc(降序),默认为 desc

to

Long

查询结束时间点

响应参数

状态码:200

表4 响应Body参数

参数

参数类型

描述

analysis_results

AnalysisResults object

分析结果

count

Long

查询结果的条数

results

Array of SearchResult objects

返回的查询结果

表5 AnalysisResults

参数

参数类型

描述

datarows

Array<Array<>>

统计分析结果数据

schema

Array of AnalysisField objects

统计分析结果字段类型

size

Integer

返回的统计分析结果条数

total

Integer

统计分析结果总数

表6 AnalysisField

参数

参数类型

描述

alias

String

字段别名

name

String

字段名称

type

String

字段类型;可选值:boolean、byte、short、integer、long、float、half_float、scaled_float、double、keyword、text、date、ip、binary、object、nested

表7 SearchResult

参数

参数类型

描述

data_source

Object

原始日志内容

timestamp

Long

数据接收时间

状态码:400

表8 响应Body参数

参数

参数类型

描述

error_code

String

错误码

error_msg

String

错误描述

请求示例

{
  "dataspace_id" : "a00106ba-bede-453c-8488-b60c70bd6aed",
  "from" : 1584883694354,
  "limit" : 50,
  "offset" : 0,
  "pipe_id" : "2b31ed520xxxxxxebedb6e57xxxxxxxx",
  "query" : "xxx",
  "sort" : "desc",
  "to" : 1584883694654
}

响应示例

状态码:200

成功

{
  "analysis_results" : {
    "datarows" : [ [ 1, null ], [ 2, "value" ] ],
    "schema" : [ {
      "alias" : "key_alias1",
      "name" : "key1",
      "type" : "long"
    }, {
      "name" : "key2",
      "type" : "string"
    } ],
    "size" : 10,
    "total" : 100
  },
  "count" : 1,
  "results" : [ {
    "data_source" : {
      "key1" : -1,
      "key2" : 1.2,
      "key3" : {
        "key4" : true,
        "key5" : "value5"
      }
    },
    "timestamp" : 1584883694354
  } ]
}

SDK代码示例

SDK代码示例如下。

package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v1.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v1.*;
import com.huaweicloud.sdk.secmaster.v1.model.*;


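/**
 * Sample program that calls the SecMaster ListSearchLogs API through the Huawei Cloud Java SDK.
 *
 * <p>The access key (AK) and secret key (SK) are read from the environment variables
 * {@code CLOUD_SDK_AK} and {@code CLOUD_SDK_SK}. The program stops immediately when either is
 * missing, so that a null credential is never handed to the SDK.
 */
public class ListSearchLogsSolution {

    /**
     * Reads a required environment variable.
     *
     * @param name name of the environment variable
     * @return the non-blank value of the variable
     * @throws IllegalStateException if the variable is unset or blank; the message names the
     *     variable only and never includes a credential value
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " is not set");
        }
        return value;
    }

    /**
     * Builds a SecMaster client, sends one ListSearchLogs request and prints the outcome.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Hard-coding the AK/SK, or storing them in plaintext, is a significant security risk.
        // Keep them encrypted in a configuration file or in environment variables and decrypt
        // them only at the point of use. This sample reads them from CLOUD_SDK_AK and
        // CLOUD_SDK_SK, which must be set before it is run.
        String ak = requireEnv("CLOUD_SDK_AK");
        String sk = requireEnv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();

        // NOTE(review): only the workspace_id path parameter is set here. The request body
        // fields documented for this API (dataspace_id, pipe_id, query, from, to, limit,
        // offset, sort) are not populated by this sample.
        ListSearchLogsRequest request = new ListSearchLogsRequest();
        request.withWorkspaceId("{workspace_id}");
        try {
            ListSearchLogsResponse response = client.listSearchLogs(request);
            // The response carries raw log content (results[].data_source). Printing it is
            // fine for a demo; in production avoid copying it into shared application logs.
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            // Service-side failure: the request ID and error code are what support needs.
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}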
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v1.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK/SK, or storing them in plaintext, is a significant security risk.
    # Keep them encrypted in a configuration file or in environment variables and decrypt
    # them only at the point of use. This sample reads them from CLOUD_SDK_AK and
    # CLOUD_SDK_SK; os.environ[...] raises KeyError when either one is not set.
    access_key = os.environ["CLOUD_SDK_AK"]
    secret_key = os.environ["CLOUD_SDK_SK"]
    project_id = "{project_id}"

    creds = BasicCredentials(access_key, secret_key, project_id)

    # Build the SecMaster client for the chosen region with the credentials above.
    client = (
        SecMasterClient.new_builder()
        .with_credentials(creds)
        .with_region(SecMasterRegion.value_of("<YOUR REGION>"))
        .build()
    )

    try:
        # NOTE(review): only the workspace_id path parameter is set here. The request body
        # fields documented for this API (dataspace_id, pipe_id, query, from, to, limit,
        # offset, sort) are not populated by this sample.
        search_request = ListSearchLogsRequest()
        search_request.workspace_id = "{workspace_id}"
        result = client.list_search_logs(search_request)
        # The response carries raw log content (results[].data_source); avoid copying it
        # into shared application logs outside of a demo.
        print(result)
    except exceptions.ClientRequestException as err:
        # Print the HTTP status, request ID, error code and error message, in that order.
        for detail in (err.status_code, err.request_id, err.error_code, err.error_msg):
            print(detail)
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v1/region"
)

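// main builds a SecMaster client from credentials held in the environment, sends one
// ListSearchLogs request and prints either the response or the error.
func main() {
	// Hard-coding the AK/SK, or storing them in plaintext, is a significant security risk.
	// Keep them encrypted in a configuration file or in environment variables and decrypt
	// them only at the point of use. This sample reads them from CLOUD_SDK_AK and
	// CLOUD_SDK_SK, which must be set before it is run.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	// os.Getenv returns "" for an unset variable; stop here rather than passing empty
	// credentials to the SDK. The message names the variables only, never their values.
	if ak == "" || sk == "" {
		fmt.Fprintln(os.Stderr, "CLOUD_SDK_AK and CLOUD_SDK_SK must be set")
		os.Exit(1)
	}
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := secmaster.NewSecMasterClient(
		secmaster.SecMasterClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	// NOTE(review): only the workspace_id path parameter is set here. The request body
	// fields documented for this API (dataspace_id, pipe_id, query, from, to, limit,
	// offset, sort) are not populated by this sample.
	request := &model.ListSearchLogsRequest{}
	request.WorkspaceId = "{workspace_id}"
	response, err := client.ListSearchLogs(request)
	if err == nil {
		// The response carries raw log content (results[].data_source); avoid copying it
		// into shared application logs outside of a demo.
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}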

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可自动生成对应的SDK代码示例。

状态码

状态码

描述

200

成功

400

错误响应

错误码

请参见错误码
