Method: instances.validateQuery

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
Dialect
ErrorType
CompilationErrorPosition
- JSON representation
Try it!

Full name: projects.locations.instances.validateQuery

Validates UDM search query by compiling the query.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`instance`	`string` Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
`rawQuery`	`string` Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'
`dialect`	`enum (Dialect)` Query dialect.
`allowUnreplacedPlaceholders`	`boolean` Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error.
`isFederatedQuery`	`boolean` Optional. If true, the query is a federated query.

Request body

The request body must be empty.

Response body

Returns syntax error, if request's rawQuery is invalidated.

If successful, the response body contains data with the following structure:

JSON representation
{ "errorType": enum (`ErrorType`), "errorText": string, "queryType": enum (`QueryType`), "errorPosition": { object (`CompilationErrorPosition`) } }

Fields
`errorType`	`enum (ErrorType)` The type of the error.
`errorText`	`string` The parse error message.
`queryType`	`enum (QueryType)` Query type obtained from the request
`errorPosition`	`object (CompilationErrorPosition)` Captures the position of the error in the query.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.events.validateQuery

For more information, see the IAM documentation.

Dialect

The dialect a UDM Search Query is written in.

Enums
`DIALECT_UNSPECIFIED`	Unknown dialect.
`DIALECT_LEGACY`	Legacy Structured Query dialect.
`DIALECT_UDM_SEARCH`	UDM Search dialect.
`DIALECT_STATS`	Stats Query Dialect

ErrorType

Error type encountered during compilation of search query.

Enums
`ERROR_TYPE_UNSPECIFIED`	The default error type.
`INVALID_QUERY_TYPE`	The query has invalid type.
`INVALID_FIELD_PATH_TYPE`	The field path in the query is invalid.
`UNCLOSED_BRACKET_TYPE`	The query contains unclosed bracket.
`BACKEND_ERROR_TYPE`	General backend error.
`UNCLOSED_QUOTES_TYPE`	The query contains unclosed quotes.
`QUERY_TOO_LARGE_TYPE`	The query is too large to be processed.

CompilationErrorPosition

Captures the position of the error in the query.

JSON representation
{ "startLine": integer, "startColumn": integer, "endLine": integer, "endColumn": integer }

Fields
`startLine`	`integer` The start line of the error in the query.
`startColumn`	`integer` The start column of the error in the query.
`endLine`	`integer` The end line of the error in the query.
`endColumn`	`integer` The end column of the error in the query.

Method: instances.validateQuery Stay organized with collections Save and categorize content based on your preferences.