REST API - registerQuery

The table summarizes the REST API - registerQuery.

Request

Format 
POST <baseurl>/audit/query/register/<tag>
Path parameters tag: Tag of the query to be registered. Must be unique among registered queries on the system.
Query parameters
  • target= string (optional, default=AUDIT): For a list of the valid targets, including information about which Event Collector database tables each target value queries, see Using Attributes in Query Filters .
  • requireallattributes=boolean (optional, default=false): Whether all attributes should be returned. Can be obtained from getAllAttributes or getAttributes
  • requiredattribute=string (0-n, default=none): Specific attributes that should be returned for each event found by the query. Can be obtained from getAllAttributes or getAttributes
  • sortorder=string (0-n, optional): What attribute or attributes the results should be sorted on, and in what direction the sort should run. Specify this in the following format:

    attribute 1:ASCENDING|DESCENDING;attribute 2:ASCENDING|DESCENDING; … attribute n:ASCENDING|DESCENDING

  • correlate=boolean (optional, default=false): Whether the query should be correlated.
Body Query element (mandatory): Text of the query to be registered.

Response

JSON Returns a JSON representation of the content of a QueryIdentifier element.
XML Returns the content of a QueryIdentifier element (from the EventCollectorQueryService schema)

Example

Request 
POST <baseurl>/audit/query/register/Q32
Request body 
<Query>
  <filter>severity='AUDIT'</filter>
</Query>
Response 
{
  "xml-fragment": {
    "guid": "1",
    "tag": "Q32"
  }
}