Obtaining Search Data
Function
This API is used to obtain search data.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/logs
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition: Project ID, which is used to specify the project that a resource belongs to. You can query the resources of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining the Project ID. Constraints: N/A. Value range: N/A. Default value: N/A. |
| workspace_id | Yes | String | Workspace ID. |
Request Parameters
Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | Definition: User token. You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header. For details, see Obtaining a User Token. Constraints: N/A. Range: N/A. Default value: N/A. |

Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| dataspace_id | Yes | String | Data space ID. |
| from | Yes | Long | Query start time. |
| limit | Yes | Integer | Number of returned raw logs. The maximum value is 500. |
| offset | Yes | Integer | Query offset. |
| pipe_id | Yes | String | Data pipeline ID. |
| query | Yes | String | Query statement. |
| sort | Yes | String | Whether to sort the results by time. The options are asc (ascending order) and desc (descending order). The default value is desc. |
| to | Yes | Long | Query end time. |
Response Parameters
Status code: 200
Response body parameters

| Parameter | Type | Description |
|---|---|---|
| analysis_results | AnalysisResults object | Result analysis. |
| count | Long | Number of query results. |
| results | Array of SearchResult objects | Returned query result. |

AnalysisResults

| Parameter | Type | Description |
|---|---|---|
| datarows | Array<Array<>> | Statistical analysis result data. |
| schema | Array of AnalysisField objects | Field type of statistical analysis result. |
| size | Integer | Number of returned statistical analysis results. |
| total | Integer | Total number of statistical analysis results. |

AnalysisField

| Parameter | Type | Description |
|---|---|---|
| alias | String | Field alias. |
| name | String | Field name. |
| type | String | Field type. The options are boolean, byte, short, integer, long, float, half_float, scaled_float, double, keyword, text, date, ip, binary, object, and nested. |

SearchResult

| Parameter | Type | Description |
|---|---|---|
| data_source | Object | Raw log content. |
| timestamp | Long | Data receiving time. |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |
Example Requests
```json
{
  "dataspace_id" : "a00106ba-bede-453c-8488-b60c70bd6aed",
  "from" : 1584883694354,
  "limit" : 50,
  "offset" : 0,
  "pipe_id" : "2b31ed520xxxxxxebedb6e57xxxxxxxx",
  "query" : "xxx",
  "sort" : "desc",
  "to" : 1584883694654
}
```
Example Responses
Status code: 200
Successful.
```json
{
  "analysis_results" : {
    "datarows" : [ [ 1, null ], [ 2, "value" ] ],
    "schema" : [ {
      "alias" : "key_alias1",
      "name" : "key1",
      "type" : "long"
    }, {
      "name" : "key2",
      "type" : "string"
    } ],
    "size" : 10,
    "total" : 100
  },
  "count" : 1,
  "results" : [ {
    "data_source" : {
      "key1" : -1,
      "key2" : 1.2,
      "key3" : {
        "key4" : true,
        "key5" : "value5"
      }
    },
    "timestamp" : 1584883694354
  } ]
}
```
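
Added example (not part of the original reference or the service's SDK): paging through raw logs within the documented `limit` maximum of 500, and keying `analysis_results.datarows` by each `schema` field's alias. The `endpoint` host, the millisecond reading of `from`/`to`, the reading of `count` as the total number of matches, and `fake_send` (a constructed stand-in for the service) are assumptions.

```python
import json
import urllib.request

MAX_LIMIT = 500  # from the page: "The maximum value is 500."

def build_body(dataspace_id, pipe_id, query, from_ms, to_ms,
               offset=0, limit=MAX_LIMIT, sort="desc"):
    """Validate and assemble the documented request body (times assumed epoch ms)."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and 500")
    if offset < 0 or from_ms > to_ms:
        raise ValueError("offset must be >= 0 and from must not exceed to")
    if sort not in ("asc", "desc"):
        raise ValueError("sort must be 'asc' or 'desc'")
    return {"dataspace_id": dataspace_id, "from": from_ms, "limit": limit,
            "offset": offset, "pipe_id": pipe_id, "query": query,
            "sort": sort, "to": to_ms}

def http_post(endpoint, project_id, workspace_id, token):
    """Return send(body) for the real API; `endpoint` is a placeholder host."""
    url = f"{endpoint}/v1/{project_id}/workspaces/{workspace_id}/siem/search/logs"
    def send(body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"X-Auth-Token": token, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return send

def search_all(send, max_records=10_000, **params):
    """Page through raw logs; assumes `count` is the total number of matches."""
    records, offset = [], 0
    while len(records) < max_records:
        page = send(build_body(offset=offset, **params))
        batch = page.get("results", [])
        records.extend(batch)
        offset += len(batch)
        if not batch or offset >= page.get("count", 0):
            break  # an empty page also stops the loop if `count` is unreliable
    return records[:max_records]

def analysis_rows(analysis_results):
    """Key each datarow by the schema field's alias, falling back to its name."""
    keys = [f.get("alias") or f["name"] for f in analysis_results["schema"]]
    return [dict(zip(keys, row)) for row in analysis_results["datarows"]]

def fake_send(body, total=1200):
    """Constructed stand-in for the service: `total` matching records."""
    n = max(0, min(body["limit"], total - body["offset"]))
    return {"count": total, "results": [
        {"timestamp": body["from"] + body["offset"] + i, "data_source": {}}
        for i in range(n)]}
```

Keep `from`, `to`, `query` and `sort` fixed across pages so that offsets refer to the same result set, and pass `http_post(...)` in place of `fake_send` to query a real workspace.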
Status Codes
| Status Code | Description |
|---|---|
| 200 | Successful. |
| 400 | Error response. |
Error Codes
See Error Codes.