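---
# Axon Search API — OpenAPI 3.0.3 description of the synchronous search endpoint.
#
# Review notes (security):
#   * The original document defined `securitySchemes` but never applied them:
#     there was no top-level or per-operation `security` requirement, even
#     though the operation description promises 401/403 behaviour. Generated
#     clients would not attach credentials and gateways that enforce the spec
#     would treat the operation as anonymous. A top-level `security` block is
#     added below listing the two schemes the document already declares.
#   * Bounds on client-controlled sizes/timeouts (`timeOut`, `limit`) are not
#     declared; they are flagged inline rather than invented.
openapi: '3.0.3'
info:
  title: Axon Search API
  description: >-
    This page describes the available endpoints for the Axon Search API.
    For more information on the Axon API, refer to
    https://docs.logrhythm.com/docs/axon/axon-api-guide.
  # Quoted: a digits-and-dash build stamp must stay a string.
  version: '20230811231811-8665be2'

# Every operation requires ONE of these schemes (list entries are alternatives).
# Both are declared in components.securitySchemes; which one the gateway
# actually accepts for this service is not stated here — confirm before relying
# on the apiKey alternative.
security:
  - bearerAuth: []
  - apiKeyAuth: []

tags:
  - name: Search Indexing

paths:
  /search-indexing-svc/v1/tenants/{tenantId}/signals:
    post:
      tags:
        - Search Indexing
      summary: Run a Synchronous Search
      description: |
        * This method will return 400 upon receiving an invalid request.
        * This method will return 401 for unauthenticated users.
        * This method will return 403 for authenticated users who request a forbidden resource.
      parameters:
        # NOTE(review): the tenant is also carried as a writeOnly `tenantId`
        # inside LRSearchRequest. Authorization must be bound to the tenant
        # claims of the authenticated principal, not to either client-supplied
        # value; otherwise a caller could read another tenant's signals.
        # Whether the server does this cannot be verified from the spec.
        - name: tenantId
          in: path
          required: true
          schema:
            type: string
        # NOTE(review): no `maximum` is declared, so the client controls how
        # long a search may run. The server should clamp this; the ceiling is
        # not known from this document, so none is added here.
        - name: timeOut
          in: query
          schema:
            format: int32
            type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LRSearchRequest'
      responses:
        # The 200 body (SearchSeekPageResponse) carries its own `status` and
        # `error` fields, so a 200 HTTP status presumably does not by itself
        # mean the search succeeded — clients should inspect those fields.
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SearchSeekPageResponse'
        # No body schema is declared for the error responses; Error1 exists
        # below but the original did not reference it, so it is not assumed.
        "400":
          description: Bad Request
        "401":
          description: Unauthorized
        "403":
          description: Forbidden

components:
  schemas:
    AggregationBatchRequest:
      type: object
      properties:
        aggregationRequests:
          type: array
          items:
            $ref: '#/components/schemas/AggregationRequest'

    AggregationBatchResponse:
      type: object
      properties:
        aggregationResponses:
          type: array
          items:
            $ref: '#/components/schemas/AggregationResponse'

    AggregationData:
      title: AggregationData
      description: A AggregationData object
      required:
        - tenantId
        - source
        - timeField
        - time
        - field
        - value
        - function
      type: object
      allOf:
        - $ref: '#/components/schemas/Identifier'
      properties:
        tenantId:
          type: string
          readOnly: true
          nullable: false
        id:
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        source:
          type: string
          nullable: false
        sourceId:
          type: string
        filter:
          type: string
        ephemeralFilter:
          type: string
        configId:
          type: string
        timeField:
          type: string
          nullable: false
        time:
          format: date-time
          type: string
          nullable: false
        field:
          type: string
          nullable: false
        value:
          type: string
          nullable: false
        preAggregationValue:
          format: double
          type: number
        preAggregationCount:
          format: int32
          type: integer
        function:
          allOf:
            - $ref: '#/components/schemas/AggregationDataFunction'
            - nullable: false
        # Self-referential: nesting depth is not bounded by the schema.
        childData:
          $ref: '#/components/schemas/AggregationData'

    AggregationDataFunction:
      enum:
        - COUNT
        - MAX
        - MIN
        - SUM
      type: string

    AggregationRequest:
      type: object
      properties:
        aggregationType:
          allOf:
            - $ref: '#/components/schemas/AggregationType'
            - description: The aggregation type
              example: 'COUNT | COUNT_TREND | SUM | TREND | MISSING | AVERAGE | MAX | MIN'
        field:
          description: >-
            The field to aggregate on, should be a date if requesting a trend
          type: string
          example: origin.account.email
        bucketOrder:
          allOf:
            - $ref: '#/components/schemas/BucketOrder'
            - description: The bucket order
              example: 'TOP | BOTTOM'
        # NOTE(review): no maximum declared for bucketLimit / numberOfIntervals;
        # large values multiply backend work per request.
        bucketLimit:
          format: int32
          description: The bucket limit
          type: integer
          example: 5
        bucketInterval:
          description: The bucket interval
          type: string
          example: 5m
        numberOfIntervals:
          format: int32
          description: The number of intervals for the aggregation
          type: integer
          example: 5
        lrDateTimeRange:
          description: The Date Time Range String for this Aggregation
          type: string
          example: now-1d
        # Self-referential: sub-aggregation nesting depth is unbounded here.
        subAggregations:
          description: The Sub Aggregations for this Aggregation
          type: array
          items:
            $ref: '#/components/schemas/AggregationRequest'
        bucketStart:
          format: date-time
          description: The bucket start time
          type: string
        bucketEnd:
          format: date-time
          description: The bucket end time
          type: string
        bucketFields:
          description: The bucket field
          type: array
          items:
            type: string
          example: "[origin.account.email, origin.account.name]"

    AggregationResponse:
      type: object
      properties:
        aggregationType:
          $ref: '#/components/schemas/AggregationType'
        buckets:
          type: array
          items:
            $ref: '#/components/schemas/Bucket'
        field:
          type: string

    AggregationType:
      enum:
        - AVERAGE
        - COUNT
        - COUNT_TREND
        - MAX
        - MIN
        - MISSING
        - SUM
        - TREND
      type: string

    Bucket:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/AggregationType'
        value:
          type: object
        count:
          format: int64
          type: integer
        bucketKey:
          type: string
        aggregations:
          type: array
          items:
            $ref: '#/components/schemas/AggregationResponse'

    BucketOrder:
      enum:
        - BOTTOM
        - TOP
      type: string

    Error1:
      type: object
      properties:
        status:
          format: int32
          type: integer
        message:
          type: string
        validationFailures:
          type: array
          items:
            $ref: '#/components/schemas/ValidationFailure'

    Computed:
      type: object
      properties:
        users:
          type: object
          additionalProperties:
            type: string
        commonEvents:
          type: object
          additionalProperties:
            type: string
        signalGroups:
          type: object
          additionalProperties:
            $ref: '#/components/schemas/SignalGroup'

    Count:
      type: object
      properties:
        qualifier:
          type: string
        value:
          format: int64
          type: integer

    Identifier:
      title: Identifier
      description: Container for identification of tenant and entities
      required:
        - tenantId
      type: object
      properties:
        id:
          type: string
          readOnly: true
        tenantId:
          type: string
          readOnly: true
          nullable: false

    LRSearchRequest:
      type: object
      properties:
        # NOTE(review): duplicates the path parameter. See the note on the
        # operation: neither value should be the basis of tenant authorization.
        tenantId:
          type: string
          writeOnly: true
        computedTypes:
          description: "Optional: Request Computed Types Return Object"
          type: array
          items:
            type: string
          example:
            - USERS
            - COMMON_EVENTS
        # NOTE(review): `filter` and `ephemeralFilter` are free-text query
        # strings. They must be parsed against the Filter Syntax grammar, never
        # interpolated into a backend query string. Server behaviour is not
        # visible from this spec.
        filter:
          description: Search Query in Filter Syntax
          type: string
          example: 'target.account.name="john.doe" AND target.account.email="john.doe@email.com"'
        aggregations:
          $ref: '#/components/schemas/AggregationBatchRequest'
        searchId:
          description: Search Query ID
          type: string
          example: String
        ephemeralFilter:
          description: Ephemeral Filter in Filter Syntax
          type: string
          example: 'target.account.name="john.doe" AND target.account.email="john.doe@email.com"'
        taskId:
          type: string
        newSearch:
          type: boolean
        time:
          $ref: '#/components/schemas/Time'
        pageRequest:
          $ref: '#/components/schemas/SeekPageRequest'

    LRSearchResult:
      required:
        - tenantId
      type: object
      properties:
        tenantId:
          type: string
          readOnly: true
          nullable: false
        id:
          type: string
          readOnly: true
        createdOn:
          format: date-time
          description: The born-on date of this entity
          type: string
          readOnly: true
        updatedOn:
          format: date-time
          description: The last time this entity has been modified.
          type: string
          readOnly: true
        # Free-form: the result document shape is not described by this spec.
        result:
          type: object
          additionalProperties:
            type: object

    SearchSeekPageResponse:
      type: object
      properties:
        requestId:
          type: string
        # `error` / `status` are embedded in the 200 body; see the operation's
        # response notes.
        error:
          $ref: '#/components/schemas/Error1'
        status:
          $ref: '#/components/schemas/Status'
        paginationInfo:
          allOf:
            - $ref: '#/components/schemas/SeekPaginationInfo'
            - description: >-
                Information about the response, which may be used to make
                another request
        content:
          description: The result data
          type: array
          items:
            $ref: '#/components/schemas/LRSearchResult'
        computed:
          allOf:
            - $ref: '#/components/schemas/Computed'
            - description: Optional Computed values for this request (if requested)
        count:
          allOf:
            - $ref: '#/components/schemas/Count'
            - description: The total count for the result data
        took:
          format: int64
          description: The total time (in milliseconds) the query ran
          type: integer
        aggregationBatchResponse:
          allOf:
            - $ref: '#/components/schemas/AggregationBatchResponse'
            - description: Result of aggregation request

    SeekPageRequest:
      type: object
      properties:
        # NOTE(review): only a lower bound is declared; an unbounded page size
        # lets a caller pull arbitrarily large result sets per request. The
        # server-side cap is not known from this document.
        limit:
          format: int32
          minimum: 0
          type: integer
        sort:
          $ref: '#/components/schemas/Sort'
        afterId:
          type: string

    SeekPaginationInfo:
      title: SeekPaginationInfo
      description: >-
        Contains information about a SeekPageResponse which can be used to make
        additional SeekPageRequests
      type: object
      properties:
        totalCount:
          format: int64
          description: The total number of entities in the result set.
          type: integer
        nextPage:
          description: The id which should be used in a SeekPageRequest to get the next page.
          type: string

    SignalGroup:
      type: object
      properties:
        field:
          type: string
        value:
          type: string

    Sort:
      required:
        - sortFields
      type: object
      properties:
        sortFields:
          minItems: 1
          type: array
          items:
            $ref: '#/components/schemas/SortField'

    SortField:
      required:
        - fieldName
      type: object
      properties:
        fieldName:
          # Single-quoted so the backslash is unambiguous; the pattern only
          # requires one non-whitespace character.
          pattern: '\S'
          type: string
          nullable: false
        ascending:
          type: boolean

    Status:
      enum:
        - ACCEPTED
        - BAD_GATEWAY
        - BAD_REQUEST
        - CONFLICT
        - CREATED
        - EXPECTATION_FAILED
        - FORBIDDEN
        - FOUND
        - GATEWAY_TIMEOUT
        - GONE
        - HTTP_VERSION_NOT_SUPPORTED
        - INTERNAL_SERVER_ERROR
        - LENGTH_REQUIRED
        - METHOD_NOT_ALLOWED
        - MOVED_PERMANENTLY
        - NETWORK_AUTHENTICATION_REQUIRED
        - NOT_ACCEPTABLE
        - NOT_FOUND
        - NOT_IMPLEMENTED
        - NOT_MODIFIED
        - NO_CONTENT
        - OK
        - PARTIAL_CONTENT
        - PAYMENT_REQUIRED
        - PRECONDITION_FAILED
        - PRECONDITION_REQUIRED
        - PROXY_AUTHENTICATION_REQUIRED
        - REQUESTED_RANGE_NOT_SATISFIABLE
        - REQUEST_ENTITY_TOO_LARGE
        - REQUEST_HEADER_FIELDS_TOO_LARGE
        - REQUEST_TIMEOUT
        - REQUEST_URI_TOO_LONG
        - RESET_CONTENT
        - SEE_OTHER
        - SERVICE_UNAVAILABLE
        - TEMPORARY_REDIRECT
        - TOO_MANY_REQUESTS
        - UNAUTHORIZED
        - UNSUPPORTED_MEDIA_TYPE
        - USE_PROXY
      type: string

    Time:
      type: object
      properties:
        timeBoxEnum:
          allOf:
            - $ref: '#/components/schemas/TimeBoxEnum'
            # The description below names `start_time`/`end_time`, but the
            # properties in this schema are `startTime`/`endTime`. Left as
            # written; confirm which spelling the server actually reads.
            - description: >-
                A string that represents a fixed time period. If CUSTOM is used
                here, start_time and end_time are required.
              example: 'LAST_15_MINUTES | LAST_30_MINUTES | LAST_HOUR | LAST_4_HOURS | LAST_8_HOURS | LAST_24_HOURS | YESTERDAY | LAST_WEEK | CUSTOM'
        startTime:
          format: date-time
          description: The start time of the period.
          type: string
        endTime:
          format: date-time
          description: The end time of the period.
          type: string
        field:
          type: string
          example: general_information.standard_message_time
        lrDateTime:
          type: string
          example: now-5m

    TimeBoxEnum:
      enum:
        - CUSTOM
        - LAST_15_MINUTES
        - LAST_24_HOURS
        - LAST_30_MINUTES
        - LAST_4_HOURS
        - LAST_8_HOURS
        - LAST_HOUR
        - LAST_WEEK
        - YESTERDAY
      type: string

    ValidationFailure:
      type: object
      properties:
        field:
          type: string
        message:
          type: string

  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    # NOTE(review): both schemes read the same `Authorization` header. The
    # expected raw-key format (versus `Bearer <jwt>`) is not documented here;
    # the gateway must be able to tell the two apart unambiguously.
    apiKeyAuth:
      type: apiKey
      name: Authorization
      in: header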