Updated on 2025-10-29 GMT+08:00

Updating a Metric Definition

Function

This API is used to update a metric definition.

Calling Method

For details, see Calling APIs.

URI

PUT /v1/{project_id}/workspaces/{workspace_id}/soc/metrics/{metric_id}

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| project_id | Yes | String | Definition: Project ID, which is used to specify the project that a resource belongs to. You can query the resources of a project by project ID. You can obtain the project ID from the API or console. For details, see Obtaining the Project ID. Constraints: N/A. Range: N/A. Default Value: N/A. |
| workspace_id | Yes | String | Definition: Workspace ID. Constraints: N/A. Range: N/A. Default Value: N/A. |
| metric_id | Yes | String | Metric ID. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| X-Auth-Token | Yes | String | Definition: User token. You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header. For details, see Obtaining a User Token. Constraints: N/A. Range: N/A. Default Value: N/A. |
| content-type | Yes | String | Definition: Content type. application/json;charset=UTF-8 is the common API request type. Constraints: N/A. Range: application/json;charset=UTF-8. Default Value: N/A. |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| metric_name | Yes | String | Metric name. |
| metric_type | Yes | String | Metric type. DERIVED: derived metric. A derived metric along with conditions can be obtained from a single CBSL or API query. COMPOUND: compound metric. A compound metric can be obtained by calculating multiple atomic metrics. |
| data_type | Yes | String | Data type. TRACK: tracking metric; STATISTICS: statistical metric; and LOGISTIC: logical metric. |
| metric_dimension | No | Integer | Metric result dimension. 0: single number; 2: chart or table; and 3+: multi-label chart. If metric_type is set to DERIVED, this parameter is mandatory. If metric_type is set to COMPOUND, this parameter is optional or must be fixed at 0. |
| cache_ttl | Yes | Long | Cache lifecycle, in seconds. |
| report_period | No | Long | Reporting period, in seconds. This parameter is mandatory for tracking metrics. |
| is_built_in | No | Boolean | Whether the metric is a system metric. |
| effective_column | No | String | Effective column. If this parameter is specified, the specified column is used as the metric data result. |
| max_query_range | No | Integer | Maximum search range supported by the metric, in days. For compound metrics, the value is the minimum value in the derived_metrics list. |
| derived_metrics | No | Array of derived_metrics objects | List of derived metrics. If the metric is not a compound metric, there is only one element. If the metric is a compound metric, the definition of each derived metric is included. |
| compound_expression | No | String | If metric_type is set to DERIVED, enter the expression of a compound metric. |
| metric_format | No | Array of LayoutMetricFormat objects | Metric format. |
| metric_expand_dim | No | MetricDimensionExpandParam object | Extended parameters of the metric dimension. |
| version | No | String | SecMaster edition. |

Table 4 derived_metrics

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| metric_dimension | Yes | Integer | Result dimension of the derived metric. 0: single number; 2: chart or table; and 3+: multi-label chart. |
| max_query_range | No | Integer | Maximum query range supported by the metric, in days. |
| date_start | No | String | Date math expression of the relative start time for the metric query range. |
| date_end | No | String | Date math expression of the relative end time for the metric query range. |
| date_format | No | String | Time format. The options are epoch_millis, epoch_second, and yyyy-MM-dd'T'HH:mm:ss.SSSZ. |
| query_type | Yes | String | Method for obtaining metric results. The options are cbsl, api, dsl, and sql. |
| query_function | Yes | String | Method for obtaining metric results. The options are CBSL, API, DSL, and SQL. The value is of string type. |

  • If query_type is set to CBSL, specify dataspace_id, pipe_id, query, sort, from, and to for the function.

Example:

```
{\"dataspace_id\":\"3939573a-12a0-436f-b0e5-ab2872a1fde9\",\"pipe_id\":\"9db9d8a6-d9e6-4b32-990e-40f0afe4655d\",\"query\":\"* | select ack_pps, device_type as type\",\"sort\":\"desc\",\"from\":${date_from},\"to\":${date_to}}
```

Before escape:

```json
{
    "dataspace_id":"3939573a-12a0-436f-b0e5-ab2872a1fde9",
    "pipe_id":"9db9d8a6-d9e6-4b32-990e-40f0afe4655d",
    "query":"* | select ack_pps, device_type as type",
    "sort":"desc",
    "from": ${date_from},
    "to": ${date_to}
}
```

  • If query_type is set to API, specify api method, url, path_params, headers, and response_parser for the function. response_parser is required for parsing API return values. label and json_path are defined to parse return values into two-dimensional tables. label indicates the table header, and json_path indicates the field extraction path.

Example:

```
{\"method\":\"POST\",\"uri\":\"/v1/${project_id}/Enter a URI without a domain name. /xxx\",\"headers\":{\"X-Auth-Token\":\"${project_token}\"},\"response_parser\":{\"labels\":[\"Attack type\",\"Attack source\",\"Time\"],\"json_path\":[\"$.data[:].type\",\"$.data[:].source\",\"$.data[:].time\"]}}
```

Before escape:

```json
{
    "method":"POST",
    "uri":"/v1/${project_id}/Only URI/without domain name/xxx",
    "headers":{
        "X-Auth-Token": "${project_token}"
    },
    "response_parser":{
        "labels":[
            "Attack type",
            "Attack source",
            "Time"
        ],
        "json_path":[
            "$.data[:].type",
            "$.data[:].source",
            "$.data[:].time"
        ]
    }
}
```

  • If query_type is set to DSL, specify index, dsl (escaped as a character string), and response_parser.

Example:

```
{\"index\":\"index_xxx_*\",\"dsl\":\"{\\\"query\\\":{\\\"match_all\\\":{}}}\",\"response_parser\":{\"labels\":[\"attack type\",\"attack source\",\"time\"],\"json_path\":[\"$.data[:].type\",\"$.data[:].source\",\"$.data[:].time\"]}}
```

Before escape:

```json
{
    "index":"index_xxx_*",
    "dsl":"{\"query\":{\"match_all\":{}}}",
    "response_parser":{
        "labels":[
            "Attack type",
            "Attack source",
            "Time"
        ],
        "json_path":[
            "$.data[:].type",
            "$.data[:].source",
            "$.data[:].time"
        ]
    }
}
```

  • If query_type is set to sql, specify the query JSON (escaped as a string) for opendistro sql.

Example:

```
{\"query\":\"SELECT count(1) as count , msg.DstPort FROM isap_log_nip_ttl* where oct >= TIMESTAMP(\\\"${date_from}\\\") and oct <= TIMESTAMP(\\\"${date_to}\\\") group by msg.DstPort order by count desc limit 5\"}
```

Before escape:

```json
{
    "query":"SELECT count(1) as count , msg.DstPort FROM isap_log_nip_ttl* where oct >= TIMESTAMP(\"${date_from}\") and oct <= TIMESTAMP(\"${date_to}\") group by msg.DstPort order by count desc limit 5"
}
```

Table 5 LayoutMetricFormat

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| data | No | String | Data format. |
| display | No | String | Display format. |
| display_param | No | Map<String,String> | Display parameters. |
| data_param | No | Map<String,String> | Data parameters. |

Table 6 MetricDimensionExpandParam

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| labels | Yes | Array of strings | Dimension expansion label. |
| functions | Yes | Array of strings | Dimension expansion method. Enter the built-in method on the metric data plane. The value of index starts from 1. |

Response Parameters

Status code: 200

Table 7 Response header parameters

| Parameter | Type | Description |
| --- | --- | --- |
| X-request-id | String | Request ID. Format: request_uuid-timestamp-hostname. |

Status code: 400

Table 8 Response header parameters

| Parameter | Type | Description |
| --- | --- | --- |
| X-request-id | String | Request ID. Format: request_uuid-timestamp-hostname. |

Table 9 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| code | String | Definition: Error code. Range: N/A. |
| message | String | Definition: Error description. Range: N/A. |

Example Requests

None
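
The page lists no example request. The following added example (not part of the SecMaster documentation) builds the request body for a DERIVED metric whose query_type is dsl, letting a JSON serializer produce the nested escaping of query_function instead of writing the backslashes by hand. The helper names, the metric name and the numeric values are assumptions made for illustration.

```python
import json

QUERY_TYPES = {"cbsl", "api", "dsl", "sql"}  # query_type options listed in Table 4


def dsl_query_function(index, dsl, labels, json_paths):
    """Return query_function for query_type dsl as a JSON string (Table 4)."""
    if len(labels) != len(json_paths):
        # Assumption: one json_path per label, as in the page's examples.
        raise ValueError("labels and json_path must have the same length")
    return json.dumps({
        "index": index,
        "dsl": json.dumps(dsl, separators=(",", ":")),  # nested JSON string
        "response_parser": {"labels": labels, "json_path": json_paths},
    }, separators=(",", ":"))


def build_update_body(metric_name, data_type, cache_ttl, derived,
                      report_period=None):
    """Assemble the Table 3 body for a DERIVED metric with one derived_metrics entry."""
    if derived["query_type"] not in QUERY_TYPES:
        raise ValueError("unsupported query_type: %r" % derived["query_type"])
    if data_type == "TRACK" and report_period is None:
        raise ValueError("report_period is mandatory for tracking metrics")
    body = {
        "metric_name": metric_name,
        "metric_type": "DERIVED",
        "data_type": data_type,
        "metric_dimension": derived["metric_dimension"],  # mandatory for DERIVED
        "cache_ttl": cache_ttl,
        "derived_metrics": [derived],
    }
    if report_period is not None:
        body["report_period"] = report_period
    return body


# Constructed sample values, reusing the DSL example from this page.
SAMPLE_DERIVED = {
    "metric_dimension": 2,
    "query_type": "dsl",
    "query_function": dsl_query_function(
        "index_xxx_*", {"query": {"match_all": {}}},
        ["Attack type", "Attack source", "Time"],
        ["$.data[:].type", "$.data[:].source", "$.data[:].time"]),
}

if __name__ == "__main__":
    body = build_update_body("attack_overview", "STATISTICS", 300, SAMPLE_DERIVED)
    print(json.dumps(body, indent=2))  # query_function is escaped at this step
```

Serializing the body once more is what yields the triple-backslash form shown in the escaped DSL example; the X-Auth-Token header and the PUT call itself are left to the caller.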

Example Responses

None

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | Response succeeded. |
| 400 | Error response. |

Error Codes

See Error Codes.