- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- AnalyticValue
- Try it!
Full name: projects.locations.instances.analytics.entities.analyticValues.list
Lists analytic values. An analytic value refers to a data point (numeric value & interval) for a specific entity and analytic. The API returns matching AnalyticValues for the desired entity and analytic, according to the following filters:
Timestamps use RFC 3339. Read more here
- lookback_interval: Filter by the lookback interval, up to 90 days. Example:
lookback_interval.start_time >= "2023-08-10T14:20:59.950218416Z" AND
lookback_interval.end_time <= "2023-08-17T14:20:59.950219626Z"
aggregate_function: Filter by the aggregate function. This represents the mathematical function used to calculate the analytic value. Some examples are MIN, AVG, and SUM.
dimensions: Filter by the dimensions. This describes which field is used as the dimension when grouping data to calculate the aggregate analytic. Some examples are PRINCIPAL_DEVICE, PRINCIPAL_FILE_HASH, and EVENT_TYPE.
event_type: Filter by event type. This gives us details about the event type, which may be important if this analytic was computed over grouped data.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{parent}/analyticValues
Path parameters
| Parameters | |
|---|---|
parent |
Required. The parent, which owns this collection of AnalyticValues. Format: "projects/{project}/locations/{location}/instances/{instance}/analytics/{analytic}/entities/{entity} |
Query parameters
| Parameters | |
|---|---|
pageSize |
Optional. The maximum number of entity analytic values to return. The service may return fewer than this value. |
pageToken |
Optional. A page token, received from a previous |
filter |
Optional. Filter to be applied over multiple AnalyticValue fields. Please see API definition for usage. |
orderBy |
Optional. Configures ordering of AnalyticValues in the response. |
Request body
The request body must be empty.
Response body
Response message for ListAnalyticValues.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{
"analytic_values": [
{
object ( |
| Fields | |
|---|---|
analytic_values[] |
List of AnalyticValues returned by the API. |
next_page_token |
A token, which can be sent as |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the parent resource:
chronicle.analyticValues.list
For more information, see the IAM documentation.
AnalyticValue
An AnalyticValue represents a data point for an analytic which is exhibited by an entity at a given time interval.
| JSON representation |
|---|
{ "name": string, "value": number, "interval": { object ( |
| Fields | |
|---|---|
name |
Identifier. The resource name. Format: "projects/{project}/locations/{location}/instances/{instance}/analytics/{analytic}/entities/{entity}/analyticValues/{analytic_value}" |
value |
Output only. The numeric value of the analytic value (i.e., the y-coordinate of the data point). |
interval |
Output only. The interval that the numeric value was computed over (i.e., the x-coordinate of the data point). |
event_count |
The total number of events aggregated to generate this analytic value. |
aggregate_function |
Required. The aggregate function used to compute this analytic. |
dimensions[] |
The dimensions describe how analytics data was grouped prior to aggregation. |
event_type |
The event type for this analytic. This will only be present if dimensions includes EVENT_TYPE. |