Method: dashboardQueries.execute

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
IAM Permissions
ColumnData
- JSON representation
ColumnType
- JSON representation
ColumnValue
- JSON representation
ValueMetadata
- JSON representation
InAppLink
- JSON representation
List
- JSON representation
ColumnMetadata
- JSON representation
TimestampMetadata
- JSON representation
Try it!

Full name: projects.locations.instances.dashboardQueries.execute

Execute a query and return the data.

HTTP request

POST https://chronicle.googleapis.com/v1alpha/{parent}/dashboardQueries:execute

Path parameters

Parameters

Parameters
`parent`	`string` Required. The parent, under which to run this dashboardQuery. Format: projects/{project}/locations/{region}/instances/{instance}

parent

string

Required. The parent, under which to run this dashboardQuery. Format: projects/{project}/locations/{region}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{ "query": { object (`DashboardQuery`) }, "filters": [ { object (`DashboardFilter`) } ], "clear_cache": boolean }

Fields

Fields
`query`	`object (DashboardQuery)` Required. The query to execute and get results back for. QueryID or 'query', 'input.time_window' fields will be used. Use 'native_dashboard' and 'dashboard_chart' fields if it is an in-dashboard query.
`filters[]`	`object (DashboardFilter)` Optional. Dashboard level filters other than query string.
`clear_cache`	`boolean` Optional. When true, the backend would read from the database, rather than fetching data directly from the cache.

query

object (DashboardQuery)

Required. The query to execute and get results back for. QueryID or 'query', 'input.time_window' fields will be used. Use 'native_dashboard' and 'dashboard_chart' fields if it is an in-dashboard query.

filters[]

object (DashboardFilter)

Optional. Dashboard level filters other than query string.

clear_cache

boolean

Optional. When true, the backend would read from the database, rather than fetching data directly from the cache.

Response body

Response message for executing a dashboard query.

If successful, the response body contains data with the following structure:

JSON representation
{ "results": [ { object (`ColumnData`) } ], "data_sources": [ enum (`DataSource`) ], "last_backend_cache_refreshed_time": string, "time_window": { object (`Interval`) } }

Fields
`results[]`	`object (ColumnData)` Result rows that are queried.
`data_sources[]`	`enum (DataSource)` Datasource of the query and results.
`last_backend_cache_refreshed_time`	`string (Timestamp format)` Optional. Last time the cache was refreshed. This would be used by the UI to show the last updated time. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`time_window`	`object (Interval)` Time window against which query was executed.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

chronicle.dashboardQueries.execute

For more information, see the IAM documentation.

ColumnData

JSON representation
{ "column": string, "values": [ { object (`ColumnType`) } ], "metadata": { object (`ColumnMetadata`) } }

Fields

Fields
`column`	`string` Used to store column names.
`values[]`	`object (ColumnType)` To store column data.
`metadata`	`object (ColumnMetadata)` To store column metadata.

column

string

Used to store column names.

values[]

object (ColumnType)

To store column data.

metadata

object (ColumnMetadata)

To store column metadata.

ColumnType

Singular vs list of values in a column.

JSON representation
{ // Union field `type` can be only one of the following: "value": { object (`ColumnValue`) }, "list": { object (`List`) } // End of list of possible types for union field `type`. }

Fields

Fields
Union field `type`. `type` can be only one of the following:
`value`	`object (ColumnValue)` Single value in a column.
`list`	`object (List)` List of values in a column e.g. IPs

Union field type.

type can be only one of the following:

value

object (ColumnValue)

Single value in a column.

list

object (List)

List of values in a column e.g. IPs

ColumnValue

LINT.IfChange(stats_data) Value of the column based on data type.

JSON representation

JSON representation
{ "metadata": { object (`ValueMetadata`) }, // Union field `value` can be only one of the following: "null_val": boolean, "bool_val": boolean, "bytes_val": string, "double_val": number, "int64_val": string, "uint64_val": string, "string_val": string, "timestamp_val": string, "date_val": { object (`Date`) }, "proto_val": { "@type": string, field1: ..., ... } // End of list of possible types for union field `value`. }

{
  "metadata": {
    object (ValueMetadata)
  },

  // Union field value can be only one of the following:
  "null_val": boolean,
  "bool_val": boolean,
  "bytes_val": string,
  "double_val": number,
  "int64_val": string,
  "uint64_val": string,
  "string_val": string,
  "timestamp_val": string,
  "date_val": {
    object (Date)
  },
  "proto_val": {
    "@type": string,
    field1: ...,
    ...
  }
  // End of list of possible types for union field value.
}

Fields
`metadata`	`object (ValueMetadata)`
Union field `value`. `value` can be only one of the following:
`null_val`	`boolean` True if the value is NULL.
`bool_val`	`boolean` Boolean value.
`bytes_val`	`string (bytes format)` Bytes value. A base64-encoded string.
`double_val`	`number` Double value.
`int64_val`	`string (int64 format)` Integer value (signed).
`uint64_val`	`string` Un-signed integer value.
`string_val`	`string` String value. Enum values are returned as strings.
`timestamp_val`	`string (Timestamp format)` Timestamp values. Does not handle `interval`. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`date_val`	`object (Date)` Date values.
`proto_val`	`object` For any proto values that are not any of the above. An object containing fields of an arbitrary type. An additional field `"@type"` contains a URI identifying the type. Example: `{ "id": 1234, "@type": "types.example.com/standard/id" }`.

ValueMetadata

JSON representation
{ "links": [ { object (`InAppLink`) } ], "field_paths": [ string ] }

Fields

links[]

object (InAppLink)

"Auto" generated In-app links.

field_paths[]

string

InAppLink

In app linking start

JSON representation
{ "url": string, "label": string, "icon_url": string }

Fields

Fields
`url`	`string` URL to redirect to.
`label`	`string` Label for the link.
`icon_url`	`string` Icon url for the link.

url

string

URL to redirect to.

label

string

Label for the link.

icon_url

string

Icon url for the link.

List

Store list of values in a column.

JSON representation
{ "values": [ { object (`ColumnValue`) } ] }

Fields
`values[]`	`object (ColumnValue)`

ColumnMetadata

Metadata of the column.

JSON representation
{ "column": string, "field_path": string, "function_name": string, "function_module": string, "data_source": enum (`DataSource`), "timestamp_metadata": { object (`TimestampMetadata`) } }

Fields
`column`	`string` Name of the column.
`field_path`	`string` Field path of the queried field, if any.
`function_name`	`string` Name of the function used to query the field, if any.
`function_module`	`string` Module of the function used to query the field, if any.
`data_source`	`enum (DataSource)` Data source queried.
`timestamp_metadata`	`object (TimestampMetadata)` Timestamp Metadata

TimestampMetadata

Metadata of the timestamp column.

JSON representation
{ "time_format": string, "time_zone": string, "time_granularity": string, "is_sortable": boolean, "is_interpolable": boolean }

Fields
`time_format`	`string` Time format of the timestamp column.
`time_zone`	`string` Time zone of the timestamp column.
`time_granularity`	`string` Time granularity of the timestamp column.
`is_sortable`	`boolean` Whether the timestamp column is sortable in UI.
`is_interpolable`	`boolean` Whether the timestamp column is interpolable in UI.