Full name: projects.locations.instances.legacy.legacyTestRuleStreaming
LegacyTestRuleStreaming tests the given rule text over a specified time range and streams detections/errors back without persisting them.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyTestRuleStreaming
Path parameters
Parameters | |
---|---|
instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "rule_text": string, "start_time": string, "end_time": string, "max_detections": integer, "scope": string } |
Fields | |
---|---|
rule_text | Required. The rule text to test as a UTF-8 string. |
start_time | Optional. The start time of the time range of events to test the rule text over. If unspecified, will default to 12 hours before end_time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
end_time | Optional. The end time of the time range of events to test the rule text over. If unspecified, will either default to 12 hours after start_time, or the current day bucket if start_time is also unspecified. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
max_detections | Optional. The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 1,000 detections will be returned. The maximum value is 10,000; values above 10,000 will be coerced to 10,000. |
scope | Optional. The data access scope to use to run the rule. This field is only required if data access control is enabled. |
Response body
LegacyTestRuleStreaming response message.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field
|
|
detection | A detection generated from the test. The following fields will not be set because the detection is not persisted: created_time, detection[].rule_id, detection[].rule_version. id will be set, but cannot be passed to other methods to retrieve the detection since it is not persisted. |
execution_error | An execution error generated from the test. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacyTestRuleStreaming
For more information, see the IAM documentation.
ExecutionError
An execution error generated from the test.
JSON representation |
---|
{ "error": { object ( |
Fields | |
---|---|
error | The error status corresponding with the execution error. |
time_range | The event time range that the execution error corresponds with. |
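
The following is an added example, not code from the Chronicle documentation or client libraries: a client-side sketch that builds the request body using the defaults and limits listed under Request body, and separates response messages into detections and execution errors. The function names are hypothetical, and it assumes the streamed response has already been decoded into one dict per message, since this page does not describe the stream's wire framing.

```python
from datetime import timedelta, timezone

HARD_MAX = 10000              # service coerces larger max_detections to this
WINDOW = timedelta(hours=12)  # default span when only one bound is given

def rfc3339(ts):
    """Format an aware datetime as an RFC3339 UTC "Zulu" timestamp."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def effective_window(start=None, end=None):
    """Window implied by the documented defaults; None when both bounds are
    omitted, because the 'current day bucket' is resolved by the service."""
    if start is None and end is None:
        return None
    start = start or end - WINDOW
    end = end or start + WINDOW
    if start >= end:  # client-side sanity check (assumption, not from the page)
        raise ValueError("start_time must be before end_time")
    return start, end

def build_request(rule_text, start=None, end=None, max_detections=None, scope=None):
    """Build the JSON body, sending only the fields the caller set."""
    if not rule_text.strip():
        raise ValueError("rule_text is required")
    effective_window(start, end)  # rejects an inverted range before sending
    body = {"rule_text": rule_text}
    if start is not None:
        body["start_time"] = rfc3339(start)
    if end is not None:
        body["end_time"] = rfc3339(end)
    if max_detections is not None:
        body["max_detections"] = min(max_detections, HARD_MAX)
    if scope:  # only required when data access control is enabled
        body["scope"] = scope
    return body

def split_results(messages):
    """Separate decoded response messages by which union field is set."""
    detections, errors = [], []
    for msg in messages:
        if "detection" in msg:
            detections.append(msg["detection"])
        elif "execution_error" in msg:
            errors.append(msg["execution_error"])
        else:
            raise ValueError(f"unexpected response message: {sorted(msg)}")
    return detections, errors
```

When `split_results` returns any execution errors, check each error's time_range before concluding that a rule produced no detections over the tested window.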