Full name: projects.locations.instances.legacy.legacyFetchUdmSearchCsv
Legacy endpoint for fetching CSV rows for a matching UDM search.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyFetchUdmSearchCsv
Path parameters
Parameters | |
---|---|
instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "baseline_query": string, "snapshot_query": string, "baseline_time_range": { object ( |
Fields | |
---|---|
baseline_query | Required. The baseline query to search for. |
snapshot_query | The snapshot query to search for. |
baseline_time_range | Required. The time range to search for [inclusive start time, exclusive end time). |
snapshot_time_range | The time range to filter for [inclusive start time, exclusive end time). This time range must be completely within |
fields | Required. The fields in UDM Event whose values need to be used to create the CSV File. |
case_insensitive | If true, the search should be performed in a case-insensitive manner. This applies to both baseline and snapshot queries. |
Response body
Response with the CSV entries to append to file in UI along with progress.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "progress": number, "too_many_events": boolean, "complete": boolean, "valid_baseline_query": boolean, "valid_snapshot_query": boolean, "query_validation_errors": [ { object ( |
Fields | |
---|---|
progress | Progress of the query represented as a double between 0 and 1. |
too_many_events | If true, there are too many events to return and some have been omitted. |
complete | Streaming for this response is done. There will be no additional updates. |
valid_baseline_query | Indicates whether the request baseline_query is a valid structured query or not. If not, |
valid_snapshot_query | Indicates whether the request baseline and snapshot queries are valid. If not, |
query_validation_errors[] | Parse error for the baseline_query and/or the snapshot_query. |
runtime_errors[] | Runtime errors. |
csv | List of CSV rows |
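One way a client can fold the successive response bodies described above into a single export while tracking whether that export is complete (an added example, not code from this reference or from Google). The sample bodies are constructed, the helper names are hypothetical, and `csv` is assumed to be a CsvEntries object.

```python
class QueryRejected(Exception):
    """The service reported an invalid query or a runtime error."""


def collect_csv(responses):
    """Fold successive response bodies into rows plus completeness flags."""
    rows, truncated, complete, progress = [], False, False, 0.0
    for resp in responses:
        # Assumption: a false flag may be missing from a body, so the error
        # lists are checked as well as the valid_* flags.
        invalid = (resp.get("valid_baseline_query") is False
                   or resp.get("valid_snapshot_query") is False
                   or resp.get("query_validation_errors"))
        if invalid:
            raise QueryRejected(resp.get("query_validation_errors") or "invalid query")
        if resp.get("runtime_errors"):
            raise QueryRejected(resp["runtime_errors"])
        # Assumption: "csv" is a CsvEntries object, one string per CSV row.
        rows.extend(resp.get("csv", {}).get("row", []))
        truncated = truncated or bool(resp.get("too_many_events"))
        progress = max(progress, float(resp.get("progress", 0.0)))
        if resp.get("complete"):
            complete = True
            break
    return {"rows": rows, "truncated": truncated,
            "complete": complete, "progress": progress}


def export_is_complete(result):
    """True only if streaming finished and no events were omitted."""
    return result["complete"] and not result["truncated"]


# Constructed sample bodies (not real service output).
SAMPLE = [
    {"progress": 0.4, "valid_baseline_query": True, "valid_snapshot_query": True,
     "csv": {"row": ["2024-01-01T00:00:00Z,host-a,10.0.0.5"]}},
    {"progress": 1.0, "too_many_events": True, "complete": True,
     "csv": {"row": ["2024-01-01T00:05:00Z,host-b,10.0.0.9"]}},
]

if __name__ == "__main__":
    result = collect_csv(SAMPLE)
    print(len(result["rows"]), "rows; complete export:", export_is_complete(result))
```

An export with `too_many_events` set, or one that never reached `complete`, should be recorded as partial in case notes rather than treated as the full result set.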
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacyFetchUdmSearchCsv
For more information, see the IAM documentation.
FetchUdmSearchCsvFields
JSON representation |
---|
{ "fields": [ string ] } |
Fields | |
---|---|
fields[] | |
CsvEntries
JSON representation |
---|
{ "row": [ string ] } |
Fields | |
---|---|
row[] | |