Optional. The version timestamp of the rule. If not specified for a customer rule, buckets will be returned for the latest revision of the rule. Ignored for curated rules.
Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Optional. The rule source to return buckets for. If omitted, will default to USER_RULE. Should be consistent with ruleId (USER_RULE for rules, UPPERCASE_RULE for curated rules); otherwise, there could be unexpected behavior.
Request body
The request body must be empty.
Response body
Legacy response with list of found detection count buckets.
If successful, the response body contains data with the following structure:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis endpoint, \u003ccode\u003eprojects.locations.instances.legacy.legacySearchRuleDetectionCountBuckets\u003c/code\u003e, retrieves a list of detection count buckets for a specified Rules Engine rule.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request is a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003ehttps://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets\u003c/code\u003e, requiring the \u003ccode\u003einstance\u003c/code\u003e path parameter and several query parameters.\u003c/p\u003e\n"],["\u003cp\u003eRequired query parameters include \u003ccode\u003eruleId\u003c/code\u003e, \u003ccode\u003etimeRange\u003c/code\u003e, and \u003ccode\u003ebucketSize\u003c/code\u003e, with the \u003ccode\u003eversionTimestamp\u003c/code\u003e and \u003ccode\u003eruleSource\u003c/code\u003e being optional for customer rules.\u003c/p\u003e\n"],["\u003cp\u003eThe request body for this operation must be empty, and the successful response will contain a list of detection count buckets within a JSON structure.\u003c/p\u003e\n"],["\u003cp\u003eAccessing this endpoint requires the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope and the \u003ccode\u003echronicle.legacies.legacySearchRuleDetectionCountBuckets\u003c/code\u003e IAM permission on the specified \u003ccode\u003einstance\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Method: legacy.legacySearchRuleDetectionCountBuckets\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Query parameters](#body.QUERY_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n - [JSON representation](#body.LegacySearchRuleDetectionCountBucketsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [IAM Permissions](#body.aspect_1)\n- [Try it!](#try-it)\n\n**Full name**: projects.locations.instances.legacy.legacySearchRuleDetectionCountBuckets\n\nLegacy endpoint for listing detection count buckets for a Rules Engine rule.\n\n### HTTP request\n\nChoose a location: \nafrica-south1 asia-northeast1 asia-south1 asia-southeast1 asia-southeast2 australia-southeast1 europe-west12 europe-west2 europe-west3 europe-west6 europe-west9 me-central1 me-central2 me-west1 northamerica-northeast2 southamerica-east1 us eu \n\n\u003cbr /\u003e\n\n### Path parameters\n\n### Query parameters\n\n### Request body\n\nThe request body must be empty.\n\n### Response body\n\nLegacy response with list of found detection count buckets.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp).\n\n### IAM Permissions\n\nRequires the following [IAM](https://cloud.google.com/iam/docs) permission on the `instance` resource:\n\n- `chronicle.legacies.legacySearchRuleDetectionCountBuckets`\n\nFor more information, see the [IAM documentation](https://cloud.google.com/iam/docs)."]]
