Tool: list_data_table_rows
List rows in a data table in Chronicle SIEM.
Retrieves and displays the contents of a data table, showing all rows and their data. This is useful for reviewing table contents and verifying data integrity.
Workflow Integration:
- Use to verify data table contents after creation or updates.
- Essential for auditing data quality and consistency in security context tables.
- Helps understand available data when developing or troubleshooting detection rules.

Use Cases:
- Review threat intelligence data before creating detection rules.
- Verify that asset inventory data is current and accurate.
- Audit user role mappings for consistency and completeness.

Args:
- table_name (str): Name of the data table to list rows from.
- project_id (str): Google Cloud project ID (required).
- customer_id (str): Chronicle customer ID (required).
- region (str): Chronicle region (e.g., "us", "europe") (required).
- page_size (Optional[int]): Maximum number of rows to return. Defaults to 50.
- page_token (Optional[str]): Pagination token.
- filter (Optional[str]): Filter string for row values (case-insensitive substring match).

Returns:
- str: Raw JSON response containing a list of 'dataTableRows' and potentially a 'nextPageToken'.

Example Usage:

```python
# List rows
list_data_table_rows(
    table_name="suspicious_ips",
    project_id="my-project",
    customer_id="my-customer",
    region="us"
)
```

Next Steps:
- Add more rows using add_rows_to_data_table.
- Delete rows using delete_data_table_row.
The following sample demonstrates how to use curl to invoke the list_data_table_rows MCP tool.
Curl Request

```
curl --location 'https://chronicle.googleapis.com/mcp' \
--header 'content-type: application/json' \
--header 'accept: application/json, text/event-stream' \
--data '{
  "method": "tools/call",
  "params": {
    "name": "list_data_table_rows",
    "arguments": {
      // provide these details according to the tool's MCP specification
    }
  },
  "jsonrpc": "2.0",
  "id": 1
}'
```
Input Schema
Request message for ListDataTableRows.
ListDataTableRowsRequest
| JSON representation |
|---|
| `{ "projectId": string, "customerId": string, "region": string, "tableName": string, "pageSize": integer, "pageToken": string, "filter": string }` |

| Fields | |
|---|---|
| projectId | Project ID of the customer. |
| customerId | Customer ID of the customer. |
| region | Region of the customer. |
| tableName | Name of the data table. |
| pageSize | Page size of the request. |
| pageToken | Page token of the request. |
| filter | Filter of the request. |
Output Schema
Response message for listing data table rows.
ListDataTableRowsResponse
| JSON representation |
|---|
| { "dataTableRows": [ { object ( |

| Fields | |
|---|---|
| dataTableRows[] | The list of the data table rows returned. |
| nextPageToken | Optional. A token, which can be sent as |
DataTableRow
| JSON representation |
|---|
| `{ "name": string, "values": [ string ], "createTime": string, "updateTime": string, "rowTimeToLive": string }` |

| Fields | |
|---|---|
| name | Identifier. The resource name of the data table. Format: `projects/{project}/locations/{location}/instances/{instance}/dataTables/{data_table}/dataTableRows/{data_table_row}` |
| values[] | Required. All column values for a single row. The values should be in the same order as the columns of the data tables. |
| createTime | Output only. DataTableRow create time. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| updateTime | Output only. DataTableRow update time. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| rowTimeToLive | Optional. User-provided TTL of the data table row. |
Timestamp
| JSON representation |
|---|
| `{ "seconds": string, "nanos": integer }` |

| Fields | |
|---|---|
| seconds | Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be between -62135596800 and 253402300799 inclusive (which corresponds to 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z). |
| nanos | Non-negative fractions of a second at nanosecond resolution. This field is the nanosecond portion of the duration, not an alternative to seconds. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be between 0 and 999,999,999 inclusive. |
Tool Annotations
Destructive Hint: ❌ | Idempotent Hint: ✅ | Read Only Hint: ✅ | Open World Hint: ❌
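
Because page_size defaults to 50, an audit that reads only the first response misses the rest of a larger table. The following added example (not part of the original page or the product's own code) follows nextPageToken until the table is exhausted, using the Input Schema field names and the JSON-RPC envelope from the curl sample. `build_tools_call`, `iter_rows`, `send` and the sample rows are assumptions: `send` stands in for whatever transport posts the request and returns the tool's raw JSON string.

```python
import json
from typing import Callable, Iterator, Optional

def build_tools_call(arguments: dict, request_id: int = 1) -> dict:
    """JSON-RPC envelope from the curl sample, with the arguments filled in."""
    return {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
            "params": {"name": "list_data_table_rows", "arguments": arguments}}

def iter_rows(send: Callable[[dict], str], table_name: str, project_id: str,
              customer_id: str, region: str, row_filter: Optional[str] = None,
              page_size: int = 50, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every DataTableRow, following nextPageToken until it is absent."""
    args = {"projectId": project_id, "customerId": customer_id, "region": region,
            "tableName": table_name, "pageSize": page_size}
    if row_filter:
        args["filter"] = row_filter
    seen = set()
    for page in range(max_pages):
        # `send` is a hypothetical transport returning the tool's raw JSON string.
        body = json.loads(send(build_tools_call(dict(args), page + 1)))
        yield from body.get("dataTableRows", [])
        token = body.get("nextPageToken")
        if not token:
            return  # last page reached: the whole table has been read
        if token in seen:
            raise RuntimeError("page token repeated; aborting to avoid a loop")
        seen.add(token)
        args["pageToken"] = token
    raise RuntimeError("max_pages reached before the table was exhausted")

# Constructed sample pages (not real Chronicle output), keyed by page token.
_PAGES = {
    None: {"dataTableRows": [{"values": ["198.51.100.7", "scanner"]},
                             {"values": ["203.0.113.9", "c2"]}],
           "nextPageToken": "page-2"},
    "page-2": {"dataTableRows": [{"values": ["192.0.2.44", "scanner"]}]},
}

def fake_send(request: dict) -> str:
    """Hypothetical offline transport serving the constructed pages above."""
    return json.dumps(_PAGES[request["params"]["arguments"].get("pageToken")])

def demo() -> list:
    rows = iter_rows(fake_send, "suspicious_ips", "my-project", "my-customer", "us")
    return [row["values"][0] for row in rows]

if __name__ == "__main__":
    print(demo())
```
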

