Full name: projects.locations.instances.udmSearch
Performs a UDM search that returns matching events for the query.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{instance}:udmSearch
Path parameters
Parameters | |
---|---|
instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
Parameters | |
---|---|
query | Required. The boolean query to search for. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")' |
timeRange | Required. Time range to search for [Inclusive start time, exclusive end time). |
limit | Maximum number of results to be returned for the query. Anything over 10000 will be coerced to 10000. |
Request body
The request body must be empty.
Response body
Returns results matching the query and time range in UdmSearchRequest.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"events": [
{
object ( |
Fields | |
---|---|
events[] | List of matched events. |
more_data_available | Too many events matched the search criterion; some results have been omitted. |
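An added example (not Google's client code) of calling this method safely: it builds the GET URL with the query URL-encoded and `limit` capped at 10000, and, when `more_data_available` is set, splits the half-open time range into two adjacent windows to re-query. The `timeRange.startTime`/`timeRange.endTime` parameter names, the camelCase `moreDataAvailable` alias, and the allowed ID character set are assumptions not stated on this page.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

BASE = "https://chronicle.googleapis.com/v1alpha"
# Assumption: IDs use only these characters; anything else is rejected
# so it cannot alter the URL path.
INSTANCE_RE = re.compile(
    r"projects/[A-Za-z0-9._-]+/locations/[A-Za-z0-9._-]+/instances/[A-Za-z0-9._-]+")
MAX_LIMIT = 10000  # the API coerces anything larger to 10000


def _rfc3339(ts: datetime) -> str:
    if ts.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_udm_search_url(instance, query, start, end, limit=MAX_LIMIT):
    """Return the GET URL for one udmSearch call over [start, end)."""
    if not INSTANCE_RE.fullmatch(instance):
        raise ValueError("expected projects/{project}/locations/{location}/instances/{instance}")
    if start >= end:
        raise ValueError("end is exclusive and must be later than start")
    params = {
        "query": query,  # urlencode escapes the quotes, slashes and spaces
        # Assumption: sub-field names of timeRange are not given on the page.
        "timeRange.startTime": _rfc3339(start),
        "timeRange.endTime": _rfc3339(end),
        "limit": max(1, min(int(limit), MAX_LIMIT)),
    }
    return f"{BASE}/{instance}:udmSearch?{urlencode(params)}"


def next_windows(response, start, end):
    """Return [] if the response is complete, else two adjacent sub-windows.

    Because the end time is exclusive, [start, mid) and [mid, end) cover the
    original range without returning any event twice.
    """
    # Assumption: accept the camelCase JSON spelling as well as the page's name.
    if not (response.get("more_data_available") or response.get("moreDataAvailable")):
        return []
    if end - start < timedelta(seconds=2):
        raise RuntimeError("window cannot be narrowed; tighten the query instead")
    mid = (start + (end - start) / 2).replace(microsecond=0)
    return [(start, mid), (mid, end)]
```

A hunt that ignores `more_data_available` silently works from a partial result set, so re-query each returned window until the list comes back empty.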
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.events.udmSearch
For more information, see the IAM documentation.