Method: instances.validateQuery

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
Dialect
ErrorType
Try it!

Full name: projects.locations.instances.validateQuery

Validates UDM search query by compiling the query.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}:validateQuery

Path parameters

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters

Parameters
`rawQuery`	`string` Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'
`dialect`	`enum (Dialect)` Query dialect.
`allowUnreplacedPlaceholders`	`boolean` Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error.

rawQuery

string

Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'

dialect

enum (Dialect)

Query dialect.

allowUnreplacedPlaceholders

boolean

Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error.

Request body

The request body must be empty.

Response body

Returns syntax error, if request's raw_query is invalidated.

If successful, the response body contains data with the following structure:

JSON representation
{ "error_type": enum (`ErrorType`), "error_text": string }

Fields

Fields
`error_type`	`enum (ErrorType)` The type of the error.
`error_text`	`string` The parse error message.

error_type

enum (ErrorType)

The type of the error.

error_text

string

The parse error message.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.events.validateQuery

For more information, see the IAM documentation.

Dialect

The dialect a UDM Search Query is written in.

Enums
`DIALECT_UNSPECIFIED`	Unknown dialect.
`DIALECT_LEGACY`	Legacy Structured Query dialect.
`DIALECT_UDM_SEARCH`	UDM Search dialect.

ErrorType

Error type encountered during compilation of search query.

Enums
`ERROR_TYPE_UNSPECIFIED`	The default error type.
`INVALID_QUERY_TYPE`	The query has invalid type.
`INVALID_FIELD_PATH_TYPE`	The field path in the query is invalid.
`UNCLOSED_BRACKET_TYPE`	The query contains unclosed bracket.
`BACKEND_ERROR_TYPE`	General backend error.
`UNCLOSED_QUOTES_TYPE`	The query contains unclosed quotes.