Method: instances.validateQuery

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
Dialect
ErrorType
CompilationErrorPosition
- JSON representation

Full name: projects.locations.instances.validateQuery

Validates UDM search query by compiling the query.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}:validateQuery

Path parameters

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters

Parameters
`rawQuery`	`string` Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'
`dialect`	`enum (Dialect)` Query dialect.
`allowUnreplacedPlaceholders`	`boolean` Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error.

rawQuery

string

Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'

dialect

enum (Dialect)

Query dialect.

allowUnreplacedPlaceholders

boolean

Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error.

Request body

The request body must be empty.

Response body

Returns syntax error, if request's raw_query is invalidated.

If successful, the response body contains data with the following structure:

JSON representation
{ "error_type": enum (`ErrorType`), "error_text": string, "query_type": enum (`QueryType`), "error_position": { object (`CompilationErrorPosition`) } }

Fields
`error_type`	`enum (ErrorType)` The type of the error.
`error_text`	`string` The parse error message.
`query_type`	`enum (QueryType)` Query type obtained from the request
`error_position`	`object (CompilationErrorPosition)` Captures the position of the error in the query.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.events.validateQuery

For more information, see the IAM documentation.

Dialect

The dialect a UDM Search Query is written in.

Enums
`DIALECT_UNSPECIFIED`	Unknown dialect.
`DIALECT_LEGACY`	Legacy Structured Query dialect.
`DIALECT_UDM_SEARCH`	UDM Search dialect.
`DIALECT_STATS`	Stats Query Dialect

ErrorType

Error type encountered during compilation of search query.

Enums
`ERROR_TYPE_UNSPECIFIED`	The default error type.
`INVALID_QUERY_TYPE`	The query has invalid type.
`INVALID_FIELD_PATH_TYPE`	The field path in the query is invalid.
`UNCLOSED_BRACKET_TYPE`	The query contains unclosed bracket.
`BACKEND_ERROR_TYPE`	General backend error.
`UNCLOSED_QUOTES_TYPE`	The query contains unclosed quotes.
`QUERY_TOO_LARGE_TYPE`	The query is too large to be processed.

CompilationErrorPosition

Captures the position of the error in the query.

JSON representation
{ "start_line": integer, "start_column": integer, "end_line": integer, "end_column": integer }

Fields
`start_line`	`integer` The start line of the error in the query.
`start_column`	`integer` The start column of the error in the query.
`end_line`	`integer` The end line of the error in the query.
`end_column`	`integer` The end column of the error in the query.

Method: instances.validateQuery Stay organized with collections Save and categorize content based on your preferences.