Method: legacy.legacySearchRawLogsV2

Full name: projects.locations.instances.legacy.legacySearchRawLogsV2

Searches for raw logs within a specified Google SecOps instance.

Choose a location:

GET https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{name}/legacy:legacySearchRawLogsV2

Parameters

Parameters
`name`	`string` Required. The Google SecOps instance to send the request to. Format: `projects/{project}/locations/{location}/instances/{instance}`

name

string

Required. The Google SecOps instance to send the request to.
Format: projects/{project}/locations/{location}/instances/{instance}

Parameters

Parameters
`query`	`string` Required. The raw log query to search for. Example: `raw = /.*/ logSource IN ["Okta"] parsed = true.`
`timeRange`	`object (Interval)` Required. The time range to search within. This includes the start time and excludes the end time.
`limit`	`integer` Optional. The maximum number of results to return for the query. Any value over 10,000 is coerced to 10,000.

query

string

Required. The raw log query to search for.
Example: raw = /.*/ logSource IN ["Okta"] parsed = true.

timeRange

object (Interval)

Required. The time range to search within. This includes the start time and excludes the end time.

limit

integer

Optional. The maximum number of results to return for the query. Any value over 10,000 is coerced to 10,000.

The request body must be empty.

Response of raw log search.

If successful, the response body contains data with the following structure:

JSON representation
{ "matches": [ { object (`RawLogResult`) } ] }

Fields

Fields
`matches[]`	`object (RawLogResult)` A list of the raw log results that match the query.

matches[]

A list of the raw log results that match the query.

Requires the following OAuth scope:

For more information, see the Authentication Overview.

Requires the following IAM permission on the name resource:

For more information, see the IAM documentation.