Method: instances.search

Full name: projects.locations.instances.search

Initiates a long-running search operation.

HTTP request

POST https://{endpoint}/v1alpha/{parent}:search

Where {endpoint} is one of the supported service endpoints.

Path parameters

Parameters
parent

string

Required. The resource name of the instance on which to perform the search. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "query": string,
  "timeRange": {
    object (Interval)
  },
  "dialect": enum (QueryDialect),
  "draftDataAccessScope": {
    object (DataAccessScope)
  },
  "resultLimit": integer
}
Fields
query

string

Required. The YL2/SQL query used for searching. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")'

timeRange

object (Interval)

Required. The time range to search, expressed as a half-open interval: [inclusive start time, exclusive end time).

dialect

enum (QueryDialect)

Optional. Specifies the dialect the instances.search Query is written in. If not specified, the query will be parsed as YL2.

draftDataAccessScope

object (DataAccessScope)

Optional. Data access scope used to filter events. This is intended to be used by admins to preview in-development scopes. Should only be called by users with global access. If the caller does not have global access, the request will fail.

resultLimit

integer

Optional. Requested maximum number of rows to materialize. The service may return fewer. If unspecified, a server-side default of 10,000 is used. The maximum value is 1,000,000.
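
A client-side builder for this request, as an added example that is not part of the original reference or of any official client library: it checks `parent`, the half-open `timeRange`, `dialect` and `resultLimit` against the constraints stated above before anything is sent. The `startTime`/`endTime` field names of Interval, the rejection of limits below 1, the character check on `parent`, and the placeholder endpoint `chronicle.example.invalid` are assumptions.

```python
import re
from datetime import datetime, timezone

# Limits and enum values as stated on this page.
MAX_RESULT_LIMIT = 1_000_000
DIALECTS = {"YL2", "SQL"}
PARENT_RE = re.compile(r"projects/[^/?#\s]+/locations/[^/?#\s]+/instances/[^/?#\s]+")


def _rfc3339(ts):
    """Render a timezone-aware datetime as an RFC 3339 UTC timestamp."""
    if ts.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_search_request(endpoint, parent, query, start, end,
                         dialect=None, result_limit=None):
    """Return (url, body) for instances.search; nothing is sent."""
    if not PARENT_RE.fullmatch(parent):
        raise ValueError("parent must be projects/*/locations/*/instances/*")
    if not query or not query.strip():
        raise ValueError("query is required")
    start_s, end_s = _rfc3339(start), _rfc3339(end)
    if start >= end:
        raise ValueError("timeRange is [start, end): start must precede end")
    # Assumption: Interval carries startTime/endTime (google.type.Interval).
    body = {"query": query,
            "timeRange": {"startTime": start_s, "endTime": end_s}}
    if dialect is not None:
        if dialect not in DIALECTS:
            raise ValueError(f"dialect must be one of {sorted(DIALECTS)}")
        body["dialect"] = dialect  # omitted -> server parses the query as YL2
    if result_limit is not None:
        # Assumption: values below 1 are rejected client-side.
        if not 1 <= result_limit <= MAX_RESULT_LIMIT:
            raise ValueError(f"resultLimit must be 1..{MAX_RESULT_LIMIT}")
        body["resultLimit"] = result_limit  # omitted -> server default 10,000
    # draftDataAccessScope is never set here: the page reserves it for
    # admins with global access previewing in-development scopes.
    return f"https://{endpoint}/v1alpha/{parent}:search", body


if __name__ == "__main__":
    # Constructed sample values; the endpoint is a placeholder.
    print(build_search_request(
        "chronicle.example.invalid", "projects/p1/locations/us/instances/i1",
        'metadata.event_type != "NETWORK_CONNECTION"',
        datetime(2024, 1, 1, tzinfo=timezone.utc),
        datetime(2024, 1, 2, tzinfo=timezone.utc), result_limit=500))
```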

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.searchSessions.search

For more information, see the IAM documentation.

QueryDialect

Specifies the dialect the instances.search Query is written in.

Enums
QUERY_DIALECT_UNSPECIFIED

Defaults to YL2.

YL2

YL2 query dialect.

SQL

SQL query dialect.