Method: instances.findUdmFieldValues

Full name: projects.locations.instances.findUdmFieldValues

Finds ingested UDM field values that match a query.

GET https://chronicle.googleapis.com/v1alpha/{instance}:findUdmFieldValues

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Parameters

Parameters
`query`	`string` Required. The partial UDM field value to match.
`pageSize`	`integer` Optional. The maximum number of value matches to return. If unspecified, a default value will be used.

query

string

Required. The partial UDM field value to match.

pageSize

integer

Optional. The maximum number of value matches to return. If unspecified, a default value will be used.

The request body must be empty.

Ingested UDM field values that match a query.

If successful, the response body contains data with the following structure:

JSON representation
{ "value_matches": [ { object (`ValueMatch`) } ], "field_matches": [ { object (`FieldMatch`) } ], "field_match_regex": string, "next_page_token": string }

Fields
`value_matches[]`	`object (ValueMatch)` Values that match the query.
`field_matches[]`	`object (FieldMatch)` Fields that might contain a matching value.
`field_match_regex`	`string` A regular expression based on the query that can be used to find matching values within the field-level matches.
`next_page_token`	`string` Currently, this field is used only to indicate whether more value matches are available. If it is empty, there are no more value matches.

Requires the following OAuth scope:

For more information, see the Authentication Overview.

Requires the following IAM permission on the instance resource:

For more information, see the IAM documentation.

ValueMatch

A UDM field value that matches the query.

JSON representation
{ "field_path": string, "value": string, "ingestion_time": string, "match_start": integer, "match_end": integer }

Fields
`field_path`	`string` The UDM field containing the matching value.
`value`	`string` The matching value.
`ingestion_time`	`string (Timestamp format)` The approximate time of the last ingestion of the value. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`match_start`	`integer` The index within `value` where the matching text starts.
`match_end`	`integer` The index within `value` where the matching text ends (exclusive).

A UDM field that might contain a value that matches the query.

JSON representation
{ "field_path": string }

Fields

Fields
`field_path`	`string` The UDM field that might contain a matching value.

field_path

string

The UDM field that might contain a matching value.