SOAP API LogQueryService, Methods
Method: ExecuteQuery
Description
Executes a complex query for logs that match query parameters.
Input
The input of this method is the argument ExecuteQuery having the following structure.
Element | Type | Nillable? | Description |
---|---|---|---|
Query | LogQueryParametersDataModel | Yes | Query |
Output
Results of the log query.
Element | Type | Nillable? | Description |
---|---|---|---|
ExecuteQueryResult | ArrayOfLogDataModel | Yes |
|
Faults
Name | Content | Description |
---|---|---|
LogRhythmWebServiceFaultFault | LogRhythmWebServiceFault | This is the error message object for all of LogRhythm Web Services. This object provides custom meaningful error messages to the client while retaining security precautions for the system. |
EXAMPLE
public void ExecuteQuery_SingleCommonEvent()
{
LogQueryServiceClient logQueryClient = new LogQueryServiceClient("LogQueryServiceBasicAuth_LogQueryService");
logQueryClient.ClientCredentials.UserName.UserName = username;
logQueryClient.ClientCredentials.UserName.Password = password;
// Build Date Range filter
LogQueryDateRangeValue dateRangeValue = new LogQueryDateRangeValue
{
StartRangeValue = DateTime.Now.AddDays(-1),
EndRangeValue = DateTime.Now
};
LogQueryFilterValueDateRangeDataModel filterValueDateRange = new LogQueryFilterValueDateRangeDataModel
{
Value = new LogQueryDateRangeValue[] { dateRangeValue },
ValueType = LogQueryFilterValueTypeEnum.DateRange
};
LogQueryFilterDataModel filterDateRange = new LogQueryFilterDataModel
{
FilterType = LogQueryFilterTypeEnum.NormalMsgDateRange,
FilterValues = filterValueDateRange,
FilterOperator = LogQueryFilterOperatorEnum.And,
FilterMode = LogQueryFilterModeEnum.FilterIn,
IncludeNullValues = false
};
// Build Common Event filter
LogQueryFilterValueIntegerDataModel filterValueCommonEvent = new LogQueryFilterValueIntegerDataModel
{
Value = new int[] { 19115 },
ValueType = LogQueryFilterValueTypeEnum.Integer
};
LogQueryFilterDataModel filterCommonEvent = new LogQueryFilterDataModel
{
FilterType = LogQueryFilterTypeEnum.CommonEvent,
FilterValues = filterValueCommonEvent,
FilterOperator = LogQueryFilterOperatorEnum.And,
FilterMode = LogQueryFilterModeEnum.FilterIn,
IncludeNullValues = true,
};
// Complete query
LogQueryParametersDataModel logQueryParameters = new LogQueryParametersDataModel()
{
MaxItems = 5000,
includeRawLogs = false,
logSourceIDs = null,
logSourceListIDs = null,
PageSize = 500,
LogManagers = new int[] { 1 },
QueryLogManagers = true,
QueryEventManager = false,
PrimaryFilter = new LogQueryFilterDataModel[2] { filterDateRange, filterCommonEvent }
};
// Execute Query
LogQueryCollection data = logQueryClient.ExecuteQuery(logQueryParameters);
}