Method: legacy.legacySearchUserEvents

Full name: projects.locations.instances.legacy.legacySearchUserEvents

Legacy endpoint for getting events for a given user.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchUserEvents

Path parameters

Parameters
instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
userIndicator

object (UserIndicator)

Required. User to fetch telemetry data for.

timeRange

object (Interval)

Required. Time range for requested user data [inclusive start time, exclusive end time).

maxUserEvents

integer

Maximum number of user events to return. Defaults to a high value if unset or set to 0.

maxAssetEvents

integer

Maximum number of asset events to return.

Request body

The request body must be empty.

Response body

Response for user telemetry data.

If successful, the response body contains data with the following structure:

JSON representation
{
  "events": [
    {
      object (UdmEventInfo)
    }
  ],
  "too_many_user_events": boolean,
  "too_many_asset_events": boolean
}
Fields
events[]

object (UdmEventInfo)

UDM user events and aliased asset events for the requested user and time range. If use_udm in the request is false, this field includes only asset events, and user SDM events are placed in the typed_user_events field.

too_many_user_events

boolean

Whether we have too many user events.

too_many_asset_events

boolean

Whether we have too many asset events.
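Added example (not part of the Chronicle reference): one way for an investigation script to avoid silently working from a truncated result, by bisecting the half-open timeRange whenever either too_many_* flag is set. It assumes the flags mean more events matched than were returned and that a narrower window is the remedy. The fetch callable, make_fake_fetch and the "ts" event field are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

TRUNCATION_FLAGS = ("too_many_user_events", "too_many_asset_events")

def rfc3339(ts):
    """Format an aware datetime as an RFC 3339 UTC timestamp."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def collect_events(fetch, start, end, min_window=timedelta(seconds=1)):
    """Return (events, incomplete_windows) for the half-open range [start, end).

    fetch(start, end) is a caller-supplied (hypothetical) callable that issues
    the GET for that timeRange and returns the decoded response body as a dict.
    """
    events, incomplete = [], []
    pending = [(start, end)]
    while pending:
        lo, hi = pending.pop()
        body = fetch(lo, hi)
        truncated = any(body.get(flag, False) for flag in TRUNCATION_FLAGS)
        if not truncated:
            events.extend(body.get("events", []))
        elif hi - lo <= min_window:
            # Cannot narrow further: keep what came back and record the gap
            # so the analyst knows this window is not fully covered.
            events.extend(body.get("events", []))
            incomplete.append((rfc3339(lo), rfc3339(hi)))
        else:
            mid = lo + (hi - lo) / 2
            # Half-open halves: mid belongs only to the second window, so no
            # event is fetched twice and none falls between the two requests.
            pending.append((mid, hi))
            pending.append((lo, mid))
    return events, incomplete

def make_fake_fetch(timestamps, cap):
    """Constructed stand-in for the endpoint: returns at most `cap` events per
    call and sets too_many_user_events when more than `cap` matched."""
    def fetch(lo, hi):
        hits = [t for t in timestamps if lo <= t < hi]
        return {"events": [{"ts": rfc3339(t)} for t in hits[:cap]],
                "too_many_user_events": len(hits) > cap,
                "too_many_asset_events": False}
    return fetch
```

A non-empty incomplete_windows list marks ranges where the returned events cannot be treated as the full record for that user.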

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacySearchUserEvents

For more information, see the IAM documentation.