PreferenceSet

JSON representation
UiPreferences
- JSON representation
SearchHistory
- JSON representation
ColumnSet
- JSON representation

A collection of preferences for a user.

JSON representation
{ "name": string, "ui_preferences": { object (`UiPreferences`) } }

Fields

Fields
`name`	`string` Output only. Identifier. Resource name.
`ui_preferences`	`object (UiPreferences)` Optional. Preferences for UI configuration.

name

string

Output only. Identifier. Resource name.

ui_preferences

object (UiPreferences)

Optional. Preferences for UI configuration.

UiPreferences

Collection of preferences for UI configuration.

JSON representation
{ "display_timezone": string, "search_history": [ { object (`SearchHistory`) } ], "enable_search_history": boolean, "column_sets": [ { object (`ColumnSet`) } ], "pinned_fields": [ string ] }

Fields
`display_timezone`	`string` Optional. Timezone for displaying times to the user.
`search_history[]`	`object (SearchHistory)` Optional. Previously run search queries. This will be limited to around 20 queries by the calling UI code.
`enable_search_history`	`boolean` Optional. Flag for enabling saving search history. True if it is enabled.
`column_sets[]`	`object (ColumnSet)` Optional. A list of ColumnSets saved by the user.
`pinned_fields[]`	`string` Optional. A list of fields to pin at the top of the quick filters panel.

SearchHistory

A previously run Search Query.

JSON representation

JSON representation
{ "query": string, "time_range": { object (`Interval`) }, "execution_time": string, "chronicle_owned": boolean, "natural_language_query": string, "display_name": string, "description": string, "search_save_time": string, "search_update_time": string, "raw_query": string, "placeholder_names": [ string ], "placeholder_descriptions": [ string ], "placeholder_values": [ string ], "saved_search_resource": string, "saved_search_id": string, "sharing_mode": enum (`SharingMode`), "query_type": enum (`QueryType`), "case_insensitive": boolean }

{
  "query": string,
  "time_range": {
    object (Interval)
  },
  "execution_time": string,
  "chronicle_owned": boolean,
  "natural_language_query": string,
  "display_name": string,
  "description": string,
  "search_save_time": string,
  "search_update_time": string,
  "raw_query": string,
  "placeholder_names": [
    string
  ],
  "placeholder_descriptions": [
    string
  ],
  "placeholder_values": [
    string
  ],
  "saved_search_resource": string,
  "saved_search_id": string,
  "sharing_mode": enum (SharingMode),
  "query_type": enum (QueryType),
  "case_insensitive": boolean
}

Fields
`query`	`string` Required. The UDM Search query that was executed.
`time_range`	`object (Interval)` Optional. The time interval that the query is run over.
`execution_time`	`string (Timestamp format)` Optional. The time the query was run. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`chronicle_owned`	`boolean` Optional. Whether the saved search used is based on a saved template owned by Chronicle.
`natural_language_query`	`string` If applicable, the natural language query used to generate the UDM Search Query.
`display_name`	`string` If applicable, the display name of the saved search used to generate this instance.
`description`	`string` If applicable, the description of the saved search used to generate this instance.
`search_save_time`	`string (Timestamp format)` Optional. If applicable, the created timestamp of the saved search used to generate this instance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`search_update_time`	`string (Timestamp format)` Optional. If applicable, the updated timestamp of the saved search used to generate this instance. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`raw_query`	`string` Optional. If applicable, the UDM saved search string with unreplaced placeholder names, from the saved search query used to generate this instance, e.g. "principal.hostname = $placeholder1 and target.ip = $placeholder2".
`placeholder_names[]`	`string` Optional. If applicable, the placeholder names from the saved search used to generate this instance, e.g. ["$placeholder1", "$placeholder2"].
`placeholder_descriptions[]`	`string` Optional. If applicable, the placeholder descriptions from the saved search used to generate this instance, e.g. ["host", "ip"]. Each element's position corresponds to placeholder_names.
`placeholder_values[]`	`string` Optional. If applicable, the placeholder values from the saved search to generate this instance, e.g. ["abu", "1.2.3.4"]. Each element's position corresponds to placeholder_names.
`saved_search_resource`	`string` Optional. If applicable, the resource name of the saved search used to generate this instance. Format: `projects/{project}/location/{location}/instances/{instance}/users/{user}/searchQueries/{queryid}`
`saved_search_id`	`string` Optional. If applicable, the id of the saved search used to generate this instance.
`sharing_mode`	`enum (SharingMode)` Optional. If applicable, the sharing mode of the saved search used to generate this instance.
`query_type`	`enum (QueryType)` Optional. The query type.
`case_insensitive`	`boolean` Optional. If true, the search was performed in a case-insensitive manner.

ColumnSet

A list of UDM columns with a unique name.

JSON representation
{ "label": string, "columns": [ string ] }

Fields

Fields
`label`	`string` The name of the column set.
`columns[]`	`string` The list of udm fields corresponding to columns.

label

string

The name of the column set.

columns[]

string

The list of udm fields corresponding to columns.