Object type: event-search-status

An EventSearchStatus object is used to obtain the status of an existing search job without affecting the job's last-accessed time.

Field | Description
---|---
aggregate-obj | An "aggregating object" is a Sentinel object that has events associated with it. Current objects are Incidents and Correlated Events. Specifying an aggregating object restricts the results of the event search to only those events associated with the aggregating object.
avail | The available count is the total number of events currently available in the results that can be obtained from the search job.
end | The end of the search date range specifies the latest date and time for which events will be returned. The end of the range is exclusive.
event-search | The URL referencing the EventSearch object for which this EventSearchStatus object provides the status.
fields | The set of event field names whose values are to be returned in the search results. Limiting the result fields can decrease the amount of data that must be transported. The special value "none" indicates that no field values are to be returned. An empty set indicates that all field values are to be returned.
filter | The search query string that specifies the set of events the search job will return.
found | The found count is the total number of events that match the search job parameters.
InitiatingHostName | The hostname of the system that initiated the search job, if available.
init-user | The name of the user that initiated the search job. This may differ from the owner username if the search job is a distributed search.
ip | The IP address of the system from which the search job was initiated.
job-end | The time the search job finished.
job-start | The time the search job started running.
last-accessed | The last time the search job was accessed for the purpose of getting search results.
max-results | The maximum number of event objects the search job will return. This may be less than the number of event objects that match the search parameters.
meta | The metadata for an object, including the object type name and the URL reference to the object. See "Object type: meta" below.
owner | A URL used to obtain the user object of the user who started the search job. The link is empty for SYSTEM search jobs.
pgsize | The number of event objects returned in a single request for the results of the search job.
results | A URL used to obtain the first page of the results of the search job.
start | The start of the search date range specifies the earliest date and time for which events will be returned. The start of the range is inclusive.
status | The search job's current state. Values are: 0 (Pending), 1 (Running), 2 (Completed), 3 (Completed with Errors), 4 (Unavailable), 5 (Canceled), 6 (Access Denied).
type | The use for which the search job was started. Values are: "SYSTEM", an internal Sentinel job; "USER", started by a Sentinel user; "REPORT", used to obtain results for use in a report; "DATASYNC", started to obtain results that will be synchronized from the event store to a relational database; "DIST", a search started on behalf of a remote search console.
Object type: meta

The metadata for an object, including the object type name and the URL reference to the object.

Field | Description
---|---
@href | The URL reference to the object.
type | The name of the object type.
GET https://164.99.19.131:8443/SentinelRESTServices/objects/event-search-status/Wildebeest

```json
{
  "meta": {
    "type": "event-search-status",
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/event-search-status/Wildebeest"
  },
  "status": 2,
  "InitiatingHostName": "jdoe_desktop.company.com",
  "event-search": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/event-search/Wildebeest"
  },
  "pgsize": 125,
  "last-accessed": "2012-04-25T13:33:44.564Z",
  "job-start": "2012-04-25T13:33:44.564Z",
  "avail": 200000,
  "type": "USER",
  "ip": "10.0.0.23",
  "aggregate-obj": {
    "@href": "Wildebeest"
  },
  "results": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/event?query=_jobid_.eWildebeest&page=1&pagesize=125&field=dt&field=evt"
  },
  "max-results": 42,
  "start": "2012-04-25T13:33:44.564Z",
  "job-end": "2012-04-25T13:33:44.564Z",
  "init-user": "jdoe",
  "end": "2012-04-25T13:33:44.564Z",
  "filter": "sev:4",
  "fields": [
    "dt",
    "evt"
  ],
  "found": 1567345
}
```
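The following client-side helper is an added example and is not code from the Sentinel REST API documentation. It parses the GET response shown above, checks the object type and `status` code before trusting any field, derives the URLs of the remaining result pages from the `results` link (which points at page 1), and runs a polling loop until the job reaches a terminal state. Because a GET on this object does not update `last-accessed`, polling it cannot keep an idle job alive; only fetching results does. The `fetch` callable, the `SearchStatus` dataclass and the canned Running/Completed sequence are assumptions made so the code runs offline; the embedded status document is the one on this page.

```python
"""Interpret an event-search-status document and drive a polling loop.

Added example; not part of the Sentinel REST API documentation. SAMPLE_STATUS
is the GET response shown on this page. The dataclass, the `fetch` callable
and the canned Running/Completed sequence are assumptions so it runs offline.
"""
import json
from dataclasses import dataclass
from typing import Callable, List, Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Status codes as documented for the `status` field.
STATUS_NAMES = {0: "Pending", 1: "Running", 2: "Completed",
                3: "Completed with Errors", 4: "Unavailable",
                5: "Canceled", 6: "Access Denied"}
TERMINAL = {2, 3, 4, 5, 6}  # further polling will not change these
FAILED = {4, 5, 6}          # terminal, and no results worth fetching

# The GET response from this page, as received on the wire.
SAMPLE_STATUS = json.loads("""{ "meta":{ "type":"event-search-status",
 "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/event-search-status/Wildebeest" },
 "status":2, "InitiatingHostName":"jdoe_desktop.company.com",
 "event-search":{ "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/event-search/Wildebeest" },
 "pgsize":125, "last-accessed":"2012-04-25T13:33:44.564Z", "job-start":"2012-04-25T13:33:44.564Z",
 "avail":200000, "type":"USER", "ip":"10.0.0.23", "aggregate-obj":{ "@href":"Wildebeest" },
 "results":{ "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/event?query=_jobid_.eWildebeest&page=1&pagesize=125&field=dt&field=evt" },
 "max-results":42, "start":"2012-04-25T13:33:44.564Z", "job-end":"2012-04-25T13:33:44.564Z",
 "init-user":"jdoe", "end":"2012-04-25T13:33:44.564Z", "filter":"sev:4",
 "fields":[ "dt", "evt" ], "found":1567345 }""")


@dataclass
class SearchStatus:  # assumed client-side view of the document
    job_id: str
    status: int
    status_name: str
    found: int
    avail: int
    max_results: Optional[int]
    pgsize: int
    results_url: Optional[str]


def parse_status(doc: dict) -> SearchStatus:
    """Validate the object type and status code before trusting any field."""
    meta = doc.get("meta") or {}
    if meta.get("type") != "event-search-status":
        raise ValueError(f"unexpected object type {meta.get('type')!r}")
    code = doc.get("status")
    if code not in STATUS_NAMES:
        raise ValueError(f"unknown status code {code!r}")
    href = meta.get("@href", "")
    results = doc.get("results") or {}
    return SearchStatus(
        job_id=href.rstrip("/").rsplit("/", 1)[-1],
        status=code,
        status_name=STATUS_NAMES[code],
        found=int(doc.get("found", 0)),
        avail=int(doc.get("avail", 0)),
        max_results=doc.get("max-results"),
        pgsize=int(doc.get("pgsize", 0)),
        results_url=results.get("@href"),
    )


def is_terminal(s: SearchStatus) -> bool:
    return s.status in TERMINAL


def is_failed(s: SearchStatus) -> bool:
    return s.status in FAILED


def result_page_urls(s: SearchStatus) -> List[str]:
    """One URL per results page: the `results` link is page 1, later pages
    differ only in `page`. Page count = min(avail, max-results) / pgsize.
    Repeated keys such as `field` are kept, so the query is rebuilt from a
    list of pairs rather than a dict."""
    if is_failed(s) or not s.results_url or s.pgsize <= 0:
        return []
    total = s.avail if s.max_results is None else min(s.avail, s.max_results)
    pages = (total + s.pgsize - 1) // s.pgsize
    parts = urlsplit(s.results_url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    urls = []
    for n in range(1, pages + 1):
        query = urlencode([(k, str(n) if k == "page" else v) for k, v in pairs])
        urls.append(urlunsplit(parts._replace(query=query)))
    return urls


def poll_until_terminal(fetch: Callable[[], dict], max_polls: int = 60) -> SearchStatus:
    """Call `fetch` (assumed to GET the event-search-status URL and return the
    decoded JSON) until the job is in a terminal state. Status 6 (Access
    Denied) is terminal too, so the loop never retries a forbidden job."""
    last: Optional[SearchStatus] = None
    for _ in range(max(1, max_polls)):
        last = parse_status(fetch())
        if is_terminal(last):
            return last
    raise TimeoutError(f"job {last.job_id} still {last.status_name} after {max_polls} polls")


def canned_fetch(docs: List[dict]) -> Callable[[], dict]:
    """Constructed stand-in for an HTTP client: returns docs in order, then
    repeats the last one."""
    state = {"i": 0}

    def fetch() -> dict:
        doc = docs[min(state["i"], len(docs) - 1)]
        state["i"] += 1
        return doc
    return fetch


def running_then_completed() -> List[dict]:
    """Constructed sequence: the page's job first reported as Running (1)."""
    running = dict(SAMPLE_STATUS, status=1, results=None)
    return [running, running, SAMPLE_STATUS]


if __name__ == "__main__":
    final = poll_until_terminal(canned_fetch(running_then_completed()))
    print(final.job_id, final.status_name, "found", final.found, "avail", final.avail)
    for url in result_page_urls(final):
        print(url)
```

Note that with the page's own numbers (`avail` 200000, `max-results` 42, `pgsize` 125) only one results page is reachable, because `max-results` caps what the job will hand back regardless of `found` or `avail`.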
Object type: event-search-status

An EventSearchStatus object is used to obtain the status of an existing search job without affecting the job's last-accessed time.

Field | Required | Description
---|---|---
aggregate-obj | false | An "aggregating object" is a Sentinel object that has events associated with it. Current objects are Incidents and Correlated Events. Specifying an aggregating object restricts the results of the event search to only those events associated with the aggregating object.
end | false | The end of the search date range specifies the latest date and time for which events will be returned. The end of the range is exclusive.
fields | false | The set of event field names whose values are to be returned in the search results. Limiting the result fields can decrease the amount of data that must be transported. The special value "none" indicates that no field values are to be returned. An empty set indicates that all field values are to be returned.
filter | false | The search query string that specifies the set of events the search job will return.
InitiatingHostName | false | The hostname of the system that initiated the search job, if available.
init-user | false | The name of the user that initiated the search job. This may differ from the owner username if the search job is a distributed search.
ip | false | The IP address of the system from which the search job was initiated.
job-end | false | The time the search job finished.
job-start | false | The time the search job started running.
last-accessed | false | The last time the search job was accessed for the purpose of getting search results.
max-results | false | The maximum number of event objects the search job will return. This may be less than the number of event objects that match the search parameters.
pgsize | false | The number of event objects returned in a single request for the results of the search job.
start | false | The start of the search date range specifies the earliest date and time for which events will be returned. The start of the range is inclusive.
type | false | The use for which the search job was started. Values are: "SYSTEM", an internal Sentinel job; "USER", started by a Sentinel user; "REPORT", used to obtain results for use in a report; "DATASYNC", started to obtain results that will be synchronized from the event store to a relational database; "DIST", a search started on behalf of a remote search console.
Object type: meta

The metadata for an object, including the object type name and the URL reference to the object.

Field | Required | Description
---|---|---
@href | false | The URL reference to the object.
type | false | The name of the object type.
PUT https://164.99.19.131:8443/SentinelRESTServices/objects/event-search-status/Wildebeest

```json
{
  "InitiatingHostName": "jdoe_desktop.company.com",
  "event-search": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/event-search/Wildebeest"
  },
  "pgsize": 125,
  "last-accessed": "2012-04-25T13:33:44.564Z",
  "job-start": "2012-04-25T13:33:44.564Z",
  "type": "USER",
  "ip": "10.0.0.23",
  "aggregate-obj": {
    "@href": "Wildebeest"
  },
  "results": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/event?query=_jobid_.eWildebeest&page=1&pagesize=125&field=dt&field=evt"
  },
  "max-results": 42,
  "start": "2012-04-25T13:33:44.564Z",
  "job-end": "2012-04-25T13:33:44.564Z",
  "init-user": "jdoe",
  "end": "2012-04-25T13:33:44.564Z",
  "filter": "sev:4",
  "fields": [
    "dt",
    "evt"
  ]
}
```
DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/event-search-status/Wildebeest