Breadcrumbs

SOAP API LogQueryService, Methods

Method: ExecuteQuery

Description

Executes a complex query for logs that match query parameters.

Input

The input of this method is the argument ExecuteQuery having the following structure.

Element

Type

Nillable?

Description

Query

LogQueryParametersDataModel

Yes

Query

Output

Results of the log query.

Element

Type

Nillable?

Description

ExecuteQueryResult

ArrayOfLogDataModel

Yes

 

Faults

Name

Content

Description

LogRhythmWebServiceFaultFault

LogRhythmWebServiceFault

This is the error message object for all of LogRhythm Web Services.  This object provides custom meaningful error messages to the client while retaining security precautions for the system.


EXAMPLE

public void ExecuteQuery_SingleCommonEvent()

        {

            LogQueryServiceClient logQueryClient = new LogQueryServiceClient("LogQueryServiceBasicAuth_LogQueryService");

            logQueryClient.ClientCredentials.UserName.UserName = username;

            logQueryClient.ClientCredentials.UserName.Password = password;

            // Build Date Range filter

            LogQueryDateRangeValue dateRangeValue = new LogQueryDateRangeValue

                {

                    StartRangeValue = DateTime.Now.AddDays(-1),

                    EndRangeValue = DateTime.Now

                };

            LogQueryFilterValueDateRangeDataModel filterValueDateRange = new LogQueryFilterValueDateRangeDataModel

                {

                    Value = new LogQueryDateRangeValue[] { dateRangeValue },

                    ValueType = LogQueryFilterValueTypeEnum.DateRange

                };

            LogQueryFilterDataModel filterDateRange = new LogQueryFilterDataModel

                {

                    FilterType = LogQueryFilterTypeEnum.NormalMsgDateRange,

                    FilterValues = filterValueDateRange,

                    FilterOperator = LogQueryFilterOperatorEnum.And,

                    FilterMode = LogQueryFilterModeEnum.FilterIn,

                    IncludeNullValues = false

                };

            // Build Common Event filter

            LogQueryFilterValueIntegerDataModel filterValueCommonEvent = new LogQueryFilterValueIntegerDataModel

            {

                Value = new int[] { 19115 },

                ValueType = LogQueryFilterValueTypeEnum.Integer

            };

            LogQueryFilterDataModel filterCommonEvent = new LogQueryFilterDataModel

            {

                FilterType = LogQueryFilterTypeEnum.CommonEvent,

                FilterValues = filterValueCommonEvent,

                FilterOperator = LogQueryFilterOperatorEnum.And,

                FilterMode = LogQueryFilterModeEnum.FilterIn,

                IncludeNullValues = true,

            };

            // Complete query

            LogQueryParametersDataModel logQueryParameters = new LogQueryParametersDataModel()

            {

                MaxItems = 5000,

                includeRawLogs = false,

                logSourceIDs = null,

                logSourceListIDs = null,

                PageSize = 500,

                LogManagers = new int[] { 1 },

                QueryLogManagers = true,

                QueryEventManager = false,

                PrimaryFilter = new LogQueryFilterDataModel[2] { filterDateRange, filterCommonEvent }

            };

            // Execute Query

            LogQueryCollection data = logQueryClient.ExecuteQuery(logQueryParameters);

        }