REST Resource: projects.locations.instances.users.searchQueries

Resource: SearchQuery
- JSON representation
QueryType
QueryLanguage
Methods

Resource: SearchQuery

Represents a Search Query from a Chronicle user.

JSON representation

JSON representation
{ "name": string, "metadata": { object (`EntryMetadata`) }, "displayName": string, "query": string, "queryId": string, "userId": string, "description": string, "placeholderNames": [ string ], "placeholderDescriptions": [ string ], "queryType": enum (`QueryType`), "naturalLanguageQuery": string, "caseInsensitive": boolean, "columnSetLabel": string, "queryLanguage": enum (`QueryLanguage`) }

{
  "name": string,
  "metadata": {
    object (EntryMetadata)
  },
  "displayName": string,
  "query": string,
  "queryId": string,
  "userId": string,
  "description": string,
  "placeholderNames": [
    string
  ],
  "placeholderDescriptions": [
    string
  ],
  "queryType": enum (QueryType),
  "naturalLanguageQuery": string,
  "caseInsensitive": boolean,
  "columnSetLabel": string,
  "queryLanguage": enum (QueryLanguage)
}

Fields
`name`	`string` Output only. Identifier. The resource name of the SearchQuery.
`metadata`	`object (EntryMetadata)` Optional. Metadata about the search query.
`displayName`	`string` Optional. Name of the query to be shown in the UI.
`query`	`string` Required. The query the user is saving.
`queryId`	`string (bytes format)` Optional. The 16 byte UUID for this query. A base64-encoded string.
`userId`	`string` Optional. The user ID for this query.
`description`	`string` Optional. Description of the overall query, to be shown in the UI.
`placeholderNames[]`	`string` Optional. Name of query placeholder value, to be shown in the UI. Each element's position corresponds to the description in the placeholderDescriptions field.
`placeholderDescriptions[]`	`string` Optional. Description of the placeholder value, to be shown in the UI.
`queryType`	`enum (QueryType)` Optional. The query type.
`naturalLanguageQuery`	`string` Optional. If applicable, the natural language query used to generate the UDM Search Query.
`caseInsensitive`	`boolean` Optional. If true, the search was performed in a case-insensitive manner.
`columnSetLabel`	`string` Optional. The label of the column set added to the search query. `columnSetLabel` maps to the `columnSets` field in the `PreferenceSet` resource.
`queryLanguage`	`enum (QueryLanguage)` Optional. The query language.

QueryType

The type of the query in the request.

Enums
`QUERY_TYPE_UNSPECIFIED`	The default query type.
`QUERY_TYPE_UDM_QUERY`	Unified Data Model Query.
`QUERY_TYPE_RAW_LOG_QUERY`	Raw Log Query.
`QUERY_TYPE_DASHBOARD_QUERY`	Dashboards Query.
`QUERY_TYPE_STATS_QUERY`	Stats Query.
`QUERY_TYPE_DATA_TABLE_QUERY`	DataTable Query.
`QUERY_TYPE_ENTITY_GRAPH_QUERY`	Entity Query.
`QUERY_TYPE_UDM_DATATABLE_JOIN`	UDM_Datatable Joins Query.
`QUERY_TYPE_JOIN_STATS_QUERY`	Joins in Stats Query.
`QUERY_TYPE_JOIN_QUERY`	Joins Query.

QueryLanguage

The language the query is written in.

Enums
`QUERY_LANGUAGE_UNSPECIFIED`	The default query language.
`QUERY_LANGUAGE_YL2`	The query is written in YARA-L 2.
`QUERY_LANGUAGE_SQL`	The query is written in GoogleSQL.

Methods
`create`	Endpoint for adding a new entry to the specified collection of user data
`delete`	Endpoint for deleting a user data saved query entry
`get`	Endpoint for getting a user's Saved query entry
`list`	Endpoint for listing the user data saved queries owned by the specified user
`patch`	Endpoint for updating user data saved query

REST Resource: projects.locations.instances.users.searchQueries

Resource: SearchQuery

QueryType

QueryLanguage

Methods

`create`

`delete`

`get`

`list`

`patch`