Method: instances.validateQuery

Full name: projects.locations.instances.validateQuery

Validates a UDM search query by compiling it.

HTTP request


Path parameters

Parameters
instance

string

Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
rawQuery

string

Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'

dialect

enum (Dialect)

Query dialect.

allowUnreplacedPlaceholders

boolean

Optional. If true, allows unreplaced $placeholder values. Otherwise, they result in an error.

isFederatedQuery

boolean

Optional. If true, the query is a federated query.

Request body

The request body must be empty.

Response body

Returns a syntax error if the request's rawQuery is invalid.

If successful, the response body contains data with the following structure:

JSON representation
{
  "errorType": enum (ErrorType),
  "errorText": string,
  "queryType": enum (QueryType),
  "errorPosition": {
    object (CompilationErrorPosition)
  }
}
Fields
errorType

enum (ErrorType)

The type of the error.

errorText

string

The parse error message.

queryType

enum (QueryType)

Query type obtained from the request.

errorPosition

object (CompilationErrorPosition)

Captures the position of the error in the query.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.events.validateQuery

For more information, see the IAM documentation.

Dialect

The dialect a UDM Search Query is written in.

Enums
DIALECT_UNSPECIFIED Unknown dialect.
DIALECT_LEGACY Legacy Structured Query dialect.
DIALECT_STATS Stats Query dialect.

ErrorType

Error type encountered during compilation of search query.

Enums
ERROR_TYPE_UNSPECIFIED The default error type.
INVALID_QUERY_TYPE The query has an invalid type.
INVALID_FIELD_PATH_TYPE The field path in the query is invalid.
UNCLOSED_BRACKET_TYPE The query contains an unclosed bracket.
BACKEND_ERROR_TYPE General backend error.
UNCLOSED_QUOTES_TYPE The query contains unclosed quotes.
QUERY_TOO_LARGE_TYPE The query is too large to be processed.

CompilationErrorPosition

Captures the position of the error in the query.

JSON representation
{
  "startLine": integer,
  "startColumn": integer,
  "endLine": integer,
  "endColumn": integer
}
Fields
startLine

integer

The start line of the error in the query.

startColumn

integer

The start column of the error in the query.

endLine

integer

The end line of the error in the query.

endColumn

integer

The end column of the error in the query.
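
The following is an added example, not part of the original reference and not Google's code: it URL-encodes the documented query parameters and turns a response body into a caret-marked report that a detection-as-code pipeline could print before saving a search. Assumptions: line and column numbers are 1-based with an inclusive endColumn, a valid query returns errorType unset or ERROR_TYPE_UNSPECIFIED with no errorText, and the helper names and sample response are constructed for illustration.

```python
from urllib.parse import urlencode

SAMPLE_QUERY = 'target.ip = "3.225.179.73'  # constructed: closing quote missing
SAMPLE_RESPONSE = {  # constructed response, not captured from the service
    "errorType": "UNCLOSED_QUOTES_TYPE",
    "errorText": "unclosed quote (constructed)",
    "errorPosition": {"startLine": 1, "startColumn": 13,
                      "endLine": 1, "endColumn": 25},
}

def encode_params(raw_query, dialect=None, allow_unreplaced_placeholders=False):
    """URL-encode the documented query parameters (hypothetical helper)."""
    params = {"rawQuery": raw_query}
    if dialect:
        params["dialect"] = dialect  # e.g. "DIALECT_LEGACY"
    if allow_unreplaced_placeholders:
        params["allowUnreplacedPlaceholders"] = "true"
    return urlencode(params)

def explain(raw_query, response):
    """Return (ok, report) for a validateQuery response dict (hypothetical helper)."""
    # Assumption: unset fields are omitted from the JSON, so default them.
    error_type = response.get("errorType", "ERROR_TYPE_UNSPECIFIED")
    error_text = response.get("errorText", "")
    if error_type == "ERROR_TYPE_UNSPECIFIED" and not error_text:
        return True, "OK"
    report = f"{error_type}: {error_text}"
    pos = response.get("errorPosition")
    if not pos:
        return False, report
    lines = raw_query.splitlines() or [""]
    # Assumption: 1-based positions, inclusive endColumn; clamp to the query text.
    line_no = min(max(pos.get("startLine", 1), 1), len(lines))
    text = lines[line_no - 1]
    start = min(max(pos.get("startColumn", 1), 1), len(text) + 1)
    # An error spanning several lines is marked to the end of its first line.
    same_line = pos.get("endLine", line_no) == line_no
    end = pos.get("endColumn", start) if same_line else len(text)
    end = min(max(end, start), max(len(text), start))
    marker = " " * (start - 1) + "^" * (end - start + 1)
    return False, f"{report}\n{text}\n{marker}"

if __name__ == "__main__":
    print(encode_params(SAMPLE_QUERY, dialect="DIALECT_LEGACY"))
    print(explain(SAMPLE_QUERY, SAMPLE_RESPONSE)[1])
```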