ves-io-schema-app_security-AppSecurityMonitoringAPI-SuspiciousUserLogsQuery
On This Page:
Examples of performing app_security AppSecurityMonitoringAPI SuspiciousUserLogsQuery
Usecase:
Suspicious user logs for virtual host vhost1
in namespace ns1
Request:
Request using vesctl:
vesctl request rpc app_security.AppSecurityMonitoringAPI.SuspiciousUserLogsQuery -i request.yaml --uri /public/namespaces/ns1/app_security/suspicious_user_logs --http-method POST
where file request.yaml has following contents:
aggs:
date_histogram:
dateAggregation:
step: 1h
endTime: "1591131600"
query: '{vh_name="vhost1"}'
startTime: "1591120800"
vesctl yaml response:
aggs: {}
logs: []
Request using curl:
curl -X 'POST' -d '{"query":"{vh_name=\"vhost1\"}","start_time":"1591120800","end_time":"1591131600","aggs":{"date_histogram":{"date_aggregation":{"step":"1h"}}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_var_folders_2__8qnt6fwd5dvglr1xqq6l8b7w0000gp_T_go-build3109416560_b001_apidocs.test/host=C02FN35BMD6R/svc=S:examplesvc/site=mytestce01' 'https://acmecorp.console.ves.volterra.io/api/data/namespaces/ns1/app_security/suspicious_user_logs'
curl response:
HTTP/1.1 200 OK
Content-Length: 76
Content-Type: application/json
Date: Thu, 21 Mar 2024 14:04:32 GMT
Vary: Accept-Encoding
{
"logs": [
],
"total_hits": "0",
"aggs": {
},
"scroll_id": ""
}