- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Try it!
Full name: projects.locations.instances.legacy.legacySearchUserEvents
Legacy endpoint for getting events for a given user.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchUserEvents
Path parameters
Parameters | |
---|---|
instance |
Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
Parameters | |
---|---|
userIndicator |
Required. User to fetch telemetry data for. |
timeRange |
Required. Time range for requested user data [inclusive start time, exclusive end time). |
maxUserEvents |
Maximum number of user events to return. Defaults to a high value if empty / set to 0. |
maxAssetEvents |
Maximum number of asset events to return. |
Request body
The request body must be empty.
Response body
Response for user telemetry data.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"events": [
{
object ( |
Fields | |
---|---|
events[] |
UDM user events and aliased asset events for the requested user and time range. If |
too_many_user_events |
Whether we have too many user events. |
too_many_asset_events |
Whether we have too many asset events. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance
resource:
chronicle.legacies.legacySearchUserEvents
For more information, see the IAM documentation.