Object type: Filter object | ||
---|---|---|
Information about the filter | ||
Field | Required | Description |
builderData | false | This is a nested JSON object containing information used to display the filter in Structured or Free-Form in Web UI. |
description | false | This is the description of the filter |
isFreeform | false | Boolean flag specifying whether this filter query is in Structured or Free-Form in Web UI. If this field is not present, it defaults to false - i.e., the filter query can be represented in structured form. If false, then the builderData field will also contain information. |
name | true | Name of the filter. NOTE: The filter name must be unique. If it is not unique, the create filter call will fail. |
sharedRoleIds | false | This is a JSON array object containing the list of UUIDs of Roles that have access to this filter. This field is applicable only when the shareType field has value SELECTED_ROLES |
shareType | false | Specify the access for the filter. It can have one of the following four values : NONE, EVERYONE, SAME_ROLE, SELECTED_ROLES. Only Administrators can use 'SELECTED_ROLES' option. EVERYONE and SAME_ROLE option can be used only if the user's role has share search filter permission. |
value | true | The Apache Lucene query forming the filter |
Object type: Filter object | |
---|---|
Information about the newly created filter | |
Field | Description |
builderData | This is a nested JSON object that is used to display the filter in Structured or Free-Form in Web UI. |
description | This is the description of the filter |
id | This is the UUID of the newly created filter. |
isFreeform | Boolean flag specifying whether this filter query is in Structured or Free-Form in Web UI. If this field is not present, it defaults to false - i.e., the filter query can be represented in structured form. If false, then the builderData field will also contain information. |
name | Name of the filter. NOTE: The filter name must be unique. If it is not unique, the create filter call will fail. |
sharedRoleIds | This is a JSON array object containing the list of UUIDs of Roles that have access to this filter. This field is applicable only when the shareType field has value SELECTED_ROLES |
shareType | Specify the access for the filter. It can have one of the following four values : NONE, EVERYONE, SAME_ROLE, SELECTED_ROLES. Only Administrators can use 'SELECTED_ROLES' option. EVERYONE and SAME_ROLE option can be used only if the user's role has share search filter permission. |
value | The Apache Lucene query forming the filter |
POST /filters
{ "id":"4E2923C0-C4D4-102E-9DDB-00163EE8ED6B", "name":"My Filter", "description":"Events having severity between and inclusive of 0 and 3.", "value":"(sev:[0 TO 3])", "isFreeform":"false", "ownerId":"0", "shareType":"NONE", "builderData":"[{"fieldName":"rv145"},{"fieldName":"_data"},{"fieldName":"taxonomy"},{"fieldName":"sev", "valueFrom":"0", "valueTo":"3", "isRange":"true", "value":"0"},{"fieldName":"booleanCondition", "booleanCondition":"and"},{"fieldName":"excludeSysEvents", "excludeSysEvents":false}]", }