- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Dialect
- ErrorType
- CompilationErrorPosition
Full name: projects.locations.instances.validateQuery
Validates UDM search query by compiling the query.
HTTP request
GET https://{endpoint}/v1/{instance}:validateQuery
Where {endpoint}
is one of the supported service endpoints
.
Path parameters
| Parameters | |
|---|---|
instance
|
Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
| Parameters | |
|---|---|
rawQuery
|
Query to compile and validate. Example: 'ip=/172.*/ AND metadata.event_type!="NETWORK_CONNECTION" AND ( target.ip = "3.225.179.73" OR target.ip = "23.47.48.70")' |
dialect
|
Query dialect. |
allowUnreplacedPlaceholders
|
Optional. If true, allows for unreplaced $placeholder values. Otherwise, they would result in error. |
isFederatedQuery
|
Optional. If true, the query is a federated query. |
Request body
The request body must be empty.
Response body
Returns syntax error, if request's rawQuery is invalidated.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{ "errorType" : enum ( |
| Fields | |
|---|---|
errorType
|
The type of the error. |
errorText
|
The parse error message. |
queryType
|
Query type obtained from the request |
errorPosition
|
Captures the position of the error in the query. |
Authorization scopes
Requires one of the following OAuth scopes:
-
https://www.googleapis.com/auth/cloud-platform -
https://www.googleapis.com/auth/chronicle -
https://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview .
IAM Permissions
Requires the following IAM
permission on the instance
resource:
-
chronicle.events.validateQuery
For more information, see the IAM documentation .
Dialect
The dialect a UDM Search Query is written in.
| Enums | |
|---|---|
DIALECT_UNSPECIFIED
|
Unknown dialect. |
DIALECT_LEGACY
|
Legacy Structured Query dialect. |
DIALECT_UDM_SEARCH
|
UDM Search dialect. |
DIALECT_STATS
|
Stats Query Dialect |
DIALECT_SQL
|
SQL Dialect |
ErrorType
Error type encountered during compilation of search query.
| Enums | |
|---|---|
ERROR_TYPE_UNSPECIFIED
|
The default error type. |
INVALID_QUERY_TYPE
|
The query has invalid type. |
INVALID_FIELD_PATH_TYPE
|
The field path in the query is invalid. |
UNCLOSED_BRACKET_TYPE
|
The query contains unclosed bracket. |
BACKEND_ERROR_TYPE
|
General backend error. |
UNCLOSED_QUOTES_TYPE
|
The query contains unclosed quotes. |
QUERY_TOO_LARGE_TYPE
|
The query is too large to be processed. |
CompilationErrorPosition
Captures the position of the error in the query.
| JSON representation |
|---|
{ "startLine" : integer , "startColumn" : integer , "endLine" : integer , "endColumn" : integer } |
| Fields | |
|---|---|
startLine
|
The start line of the error in the query. |
startColumn
|
The start column of the error in the query. |
endLine
|
The end line of the error in the query. |
endColumn
|
The end column of the error in the query. |
