- HTTP request
- Path parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- ColumnData
- ColumnType
- ColumnValue
- ValueMetadata
- InAppLink
- List
- ColumnMetadata
- TimestampMetadata
- Try it!
Full name: projects.locations.instances.dashboardQueries.execute
Execute a query and return the data.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{parent}/dashboardQueries:execute
Path parameters
Parameters | |
---|---|
parent |
Required. The parent, under which to run this dashboardQuery. Format: projects/{project}/locations/{region}/instances/{instance} |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "query": { object ( |
Fields | |
---|---|
query |
Required. The query to execute and get results back for. QueryID or 'query', 'input.time_window' fields will be used. Use 'native_dashboard' and 'dashboard_chart' fields if it is an in-dashboard query. |
filters[] |
Optional. Dashboard level filters other than query string. |
clear_ |
Optional. When true, the backend would read from the database, rather than fetching data directly from the cache. |
Response body
Response message for executing a dashboard query.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "results": [ { object ( |
Fields | |
---|---|
results[] |
Result rows that are queried. |
data_ |
Datasource of the query and results. |
last_ |
Optional. Last time the cache was refreshed. This would be used by the UI to show the last updated time. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: |
time_ |
Time window against which query was executed. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the parent
resource:
chronicle.dashboardQueries.execute
For more information, see the IAM documentation.
ColumnData
JSON representation |
---|
{ "column": string, "values": [ { object ( |
Fields | |
---|---|
column |
Used to store column names. |
values[] |
To store column data. |
metadata |
To store column metadata. |
ColumnType
Singular vs list of values in a column.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field
|
|
value |
Single value in a column. |
list |
List of values in a column e.g. IPs |
ColumnValue
LINT.IfChange(stats_data) Value of the column based on data type.
JSON representation |
---|
{ "metadata": { object ( |
Fields | |
---|---|
metadata |
|
Union field
|
|
null_ |
True if the value is NULL. |
bool_ |
Boolean value. |
bytes_ |
Bytes value. A base64-encoded string. |
double_ |
Double value. |
int64_ |
Integer value (signed). |
uint64_ |
Un-signed integer value. |
string_ |
String value. Enum values are returned as strings. |
timestamp_ |
Timestamp values. Does not handle Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: |
date_ |
Date values. |
proto_ |
For any proto values that are not any of the above. An object containing fields of an arbitrary type. An additional field |
ValueMetadata
JSON representation |
---|
{
"links": [
{
object ( |
Fields | |
---|---|
links[] |
"Auto" generated In-app links. |
field_ |
|
InAppLink
In app linking start
JSON representation |
---|
{ "url": string, "label": string, "icon_url": string } |
Fields | |
---|---|
url |
URL to redirect to. |
label |
Label for the link. |
icon_ |
Icon url for the link. |
List
Store list of values in a column.
JSON representation |
---|
{
"values": [
{
object ( |
Fields | |
---|---|
values[] |
|
ColumnMetadata
Metadata of the column.
JSON representation |
---|
{ "column": string, "field_path": string, "function_name": string, "function_module": string, "data_source": enum ( |
Fields | |
---|---|
column |
Name of the column. |
field_ |
Field path of the queried field, if any. |
function_ |
Name of the function used to query the field, if any. |
function_ |
Module of the function used to query the field, if any. |
data_ |
Data source queried. |
timestamp_ |
Timestamp Metadata |
TimestampMetadata
Metadata of the timestamp column.
JSON representation |
---|
{ "time_format": string, "time_zone": string, "time_granularity": string, "is_sortable": boolean, "is_interpolable": boolean } |
Fields | |
---|---|
time_ |
Time format of the timestamp column. |
time_ |
Time zone of the timestamp column. |
time_ |
Time granularity of the timestamp column. |
is_ |
Whether the timestamp column is sortable in UI. |
is_ |
Whether the timestamp column is interpolable in UI. |