- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Dialect
- ErrorType
- QueryType
- CompilationErrorPosition
Full name: projects.locations.instances.validateQuery
Validates UDM search query by compiling the query.
HTTP request
GET https://chronicle.africa-south1.rep.googleapis.com/v1beta/{instance}:validateQuery Path parameters
| Parameters | |
|---|---|
instance |
Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
| Parameters | |
|---|---|
rawQuery |
Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")' |
dialect |
Query dialect. |
allowUnreplacedPlaceholders |
Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error. |
isFederatedQuery |
Optional. If true, the query is a federated query. |
Request body
The request body must be empty.
Response body
Returns syntax error, if request's rawQuery is invalidated.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{ "errorType": enum ( |
| Fields | |
|---|---|
errorType |
The type of the error. |
errorText |
The parse error message. |
queryType |
Query type obtained from the request |
errorPosition |
Captures the position of the error in the query. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platformhttps://www.googleapis.com/auth/chroniclehttps://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.events.validateQuery
For more information, see the IAM documentation.
Dialect
The dialect a UDM Search Query is written in.
| Enums | |
|---|---|
DIALECT_UNSPECIFIED |
Unknown dialect. |
DIALECT_LEGACY |
Legacy Structured Query dialect. |
DIALECT_UDM_SEARCH |
UDM Search dialect. |
DIALECT_STATS |
Stats Query Dialect |
DIALECT_SQL |
SQL Dialect |
ErrorType
Error type encountered during compilation of search query.
| Enums | |
|---|---|
ERROR_TYPE_UNSPECIFIED |
The default error type. |
INVALID_QUERY_TYPE |
The query has invalid type. |
INVALID_FIELD_PATH_TYPE |
The field path in the query is invalid. |
UNCLOSED_BRACKET_TYPE |
The query contains unclosed bracket. |
BACKEND_ERROR_TYPE |
General backend error. |
UNCLOSED_QUOTES_TYPE |
The query contains unclosed quotes. |
QUERY_TOO_LARGE_TYPE |
The query is too large to be processed. |
QueryType
The type of the query in the request.
| Enums | |
|---|---|
QUERY_TYPE_UNSPECIFIED |
The default query type. |
QUERY_TYPE_UDM_QUERY |
Unified Data Model Query. |
QUERY_TYPE_RAW_LOG_QUERY |
Raw Log Query. |
QUERY_TYPE_DASHBOARD_QUERY |
Dashboards Query. |
QUERY_TYPE_STATS_QUERY |
Stats Query. |
QUERY_TYPE_DATA_TABLE_QUERY |
DataTable Query. |
QUERY_TYPE_ENTITY_GRAPH_QUERY |
Entity Query. |
QUERY_TYPE_UDM_DATATABLE_JOIN |
UDM_Datatable Joins Query. |
QUERY_TYPE_JOIN_STATS_QUERY |
Joins in Stats Query. |
QUERY_TYPE_JOIN_QUERY |
Joins Query. |
CompilationErrorPosition
Captures the position of the error in the query.
| JSON representation |
|---|
{ "startLine": integer, "startColumn": integer, "endLine": integer, "endColumn": integer } |
| Fields | |
|---|---|
startLine |
The start line of the error in the query. |
startColumn |
The start column of the error in the query. |
endLine |
The end line of the error in the query. |
endColumn |
The end column of the error in the query. |