Skip to content
API Enriched

Suspicious User Logs Aggregation Query.

POST
/api/data/namespaces/{namespace}/app_security/suspicious_user_logs/aggregation
curl --request POST \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/data/namespaces/example/app_security/suspicious_user_logs/aggregation \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "aggs": {}, "end_time": "example", "namespace": "example", "query": "example", "start_time": "example" }'

GET summary/aggregation data for suspicious user logs in the given namespace. For system namespace, all suspicious user logs for the tenant matching the query specified in the request will be considered for aggregation. User may query suspicious user logs that matches various fields such as vh_name, user, site, city, country.

Examples of this operation.

Authorizations

Section titled “Authorizations”

Parameters

Section titled “Parameters”

Path Parameters

Section titled “Path Parameters”
namespace
required
string

Namespace

fetch suspicious user logs for a given namespace.

Request Bodyrequired

Section titled “Request Bodyrequired”
Media typeapplication/json
Suspicious User Logs Aggregation Request

Request to GET only aggregation data for suspicious user logs.

object
aggs
aggregations

Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key’ed by user-defined aggregation name. The response will be key’ed with the same name. Optional.

object
end_time
end time

Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339

Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to

string
<= 1024 characters
namespace
namespace

Fetch suspicious user logs for a given namespace.

string
>= 6 characters <= 1024 characters
query
query

Query is used to specify the list of matchers syntax for query := {[]} := <field_name>"" <field_name> := string One or more of these fields in the suspicious user logs may be specified in the query. Vh_name - name of the virtual host user - user ID site - source site city - name of the city country - country code := string := [”=”|”!=”|”=”|”!”] = : equal to != : not equal to =~ : regex match !~ : not regex match When more than one matcher is specified in the query, then suspicious user logs matching ALL the matchers will be returned in the response.

Optional: If not specified, all the suspicious user logs matching the given tenant and namespace will be returned in the response.

string
<= 1024 characters
start_time
start time

Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339

Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to -10m.

string
<= 1024 characters
Examplegenerated
{
  "aggs": {},
  "end_time": "example",
  "namespace": "example",
  "query": "example",
  "start_time": "example"
}

Responses

Section titled “Responses”

200

Section titled “200”

A successful response.

Media typeapplication/json
Suspicious User Logs Aggregation Response

Response message for SuspiciousUserLogsAggregationRequest.

object
aggs
aggregations

Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key’ed with the aggregation name specified in the request.

object
total_hits
total hits

Total number of suspicious user logs that matched the query.

string format: uint64
<= 1024 characters
Examplegenerated
{
  "aggs": {},
  "total_hits": "example"
}

401

Section titled “401”

Returned when operation is not authorized.

Media typeapplication/json
string format: string
Examplegenerated
example

403

Section titled “403”

Returned when there is no permission to access resource.

Media typeapplication/json
string format: string
Examplegenerated
example

404

Section titled “404”

Returned when resource is not found.

Media typeapplication/json
string format: string
Examplegenerated
example

409

Section titled “409”

Returned when operation on resource is conflicting with current value.

Media typeapplication/json
string format: string
Examplegenerated
example

429

Section titled “429”

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json
string format: string
Examplegenerated
example

500

Section titled “500”

Returned when server encountered an error in processing API.

Media typeapplication/json
string format: string
Examplegenerated
example

503

Section titled “503”

Returned when service is unavailable temporarily.

Media typeapplication/json
string format: string
Examplegenerated
example

504

Section titled “504”

Returned when server timed out processing request.

Media typeapplication/json
string format: string
Examplegenerated
example