Help Center/ SecMaster/ API Reference/ Security Analysis V2 APIs/ Security Analysis/ Creating a Security Analysis Query

Updated on 2025-10-29 GMT+08:00

Online Debugging

CLI Examples

View PDF

Creating a Security Analysis Query

Function

This API is used to create a security analysis query.

Calling Method

For details, see Calling APIs.

URI

POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/analysis

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that a resource belongs to. You can query the resources of a project by project ID. You can obtain the project ID from the API or console. Obtaining the Project ID Constraints N/A Range N/A Default Value N/A
workspace_id	Yes	String	Workspace ID.
table_id	Yes	String	Table ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header. Obtaining a User Token Constraints N/A Range N/A Default Value N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
query	Yes	String	Retrieval query criteria. For details about the syntax, see the help documentation.
from	No	Integer	Timestamp, in ms.
to	No	Integer	Timestamp, in ms.
limit	Yes	Long	Limit
offset	No	Long	Limit
script_params	No	Array of SearchScriptParam objects	Script parameters.

**Table 4** SearchScriptParam
Parameter	Mandatory	Type	Description
key	No	String	Key.
value	No	String	Value.

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
schema	Array of SearchQueryField objects	Query result.
datarows	Array<Array<>>	Query result row.
total	Integer	Total count of results
size	Integer	Returned count of results
results	Array of SearchQueryResult objects	Results in JSON format

**Table 6** SearchQueryField
Parameter	Type	Description
name	String	Field name
type	String	Definition Data type. boolean: boolean data byte: byte data short: short integer integer: integer data long: long integer float: single-precision floating point half_float: half-precision floating point scaled_float: scaling floating point double: double-precision floating point keyword: keyword data text: text data date: date data ip: IP addresses binary: binary data object: object data nested: nested data Constraints N/A Range boolean byte short integer long float half_float scaled_float double keyword text date ip binary object nested Default Value N/A
alias	String	Field alias

**Table 7** SearchQueryResult
Parameter	Type	Description
timestamp	String	Timestamp
data_source	AnyType	Data source

Example Requests

None

Example Responses

None

Status Codes

Status Code	Description
200	Request succeeded. A security analysis query result is returned.

Error Codes

See Error Codes.

Parent topic: Security Analysis

Previous topic: Querying a Table Histogram

Next topic: Data Consumption Management

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.