Method: legacy.legacyFindUdmEvents

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
UdmEventGroup
- JSON representation
EntityGroup
- JSON representation
Try it!

Full name: projects.locations.instances.legacy.legacyFindUdmEvents

Legacy endpoint for finding UDM/entity events using tokens or ids.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
`tokens[]`	`string` Optional. A list of tokens, with each token referring to a group of UDM/Entity events.
`ids[]`	`string (bytes format)` Optional. A list of UDM/Entity event ids that should be returned. If both tokens and ids are provided, tokens will be discarded. A base64-encoded string.
`returnUnenrichedData`	`boolean` Optional. Whether user wants unenriched data. Default value is false.
`returnAllEventsForLog`	`boolean` Optional. Whether to return all events generated from the ingested log.

Request body

The request body must be empty.

Response body

All UDM events or entity events for a given list of tokens or ids.

If successful, the response body contains data with the following structure:

JSON representation
{ "udmEventGroups": [ { object (`UdmEventGroup`) } ], "entityGroups": [ { object (`EntityGroup`) } ] }

Fields

Fields
`udmEventGroups[]`	`object (UdmEventGroup)` Groups of UDM Events. Each group of UDM Events is associated with a single token or id in the request, and listed in the same order as tokens or ids in the request.
`entityGroups[]`	`object (EntityGroup)` Groups of UDM Entities. Each group of UDM Entities is associated with a single token or id in the request, and listed in the same order as tokens or ids in the request.

udmEventGroups[]

object (UdmEventGroup)

Groups of UDM Events. Each group of UDM Events is associated with a single token or id in the request, and listed in the same order as tokens or ids in the request.

entityGroups[]

object (EntityGroup)

Groups of UDM Entities. Each group of UDM Entities is associated with a single token or id in the request, and listed in the same order as tokens or ids in the request.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacies.legacyFindUdmEvents

For more information, see the IAM documentation.

UdmEventGroup

All UDM events associated with a token or id. There can be multiple events associated with a single token.

JSON representation
{ "events": [ { object (`UDM`) } ] }

Fields

Fields
`events[]`	`object (UDM)` List of UDM Events associated with a token or id.

events[]

object (UDM)

List of UDM Events associated with a token or id.

EntityGroup

All UDM entity events associated with a token or id.

JSON representation
{ "entities": [ { object (`Entity`) } ] }

Fields

Fields
`entities[]`	`object (Entity)` List of Entity Events associated with a token or id.

entities[]

object (Entity)

List of Entity Events associated with a token or id.

Method: legacy.legacyFindUdmEvents Stay organized with collections Save and categorize content based on your preferences.

HTTP request

Path parameters

Query parameters

Request body

Response body

Authorization scopes

IAM Permissions

UdmEventGroup

EntityGroup

Method: legacy.legacyFindUdmEvents