POST Saved Query

POST Team

Request used to create a new Saved Query

URL

https://REGION.rest.logs.insight.rapid7.com/query/saved_queries

REGION is the data center for your account - e.g. "us" or "eu"

Method

POST

Authentication

Owner or Read Write key is required.

URL Params

None

Data Params

json
1
 {
2
        "saved_query": {
3
            "logs": [],
4
            "leql": {
5
                "during": {
6
                    "to": null,
7
                    "from": null,
8
                    "time_range": null
9
                },
10
                "statement": "where(foo=bar)"
11
            },
12
            "name": "MySearch"
13
        }
14
    }

Param	About	Required	Example
Name	The Name of the Saved Search	True	"MySearch"
logs	Array of log keys	Optional	["f9c6e2c1-ac7a-4a29-8faa-a8d70f96df71"]
statement	a valid LEQL query	True	where(foo=bar)
from	lower bound of the time range you want to query against; UNIX timestamp in milliseconds	Optional	1450557604000
to	lower bound of the time range you want to query against; UNIX timestamp in milliseconds	Optional	1460557604000
time_range	Time Range	Optional	"Last 4 Days"

Success Response

Code 201Content:

json
1
{
2
        "saved_query": {
3
            "id": "",
4
            "logs": [],
5
            "leql": {
6
                "during": {
7
                    "to": null,
8
                    "from": null,
9
                    "time_range": null
10
                },
11
                "statement": "where(foo=bar)"
12
            },
13
            "name": "MySearch"
14
        }
15
    }

Error Response

400 if search name is invalid. Validation: 1-32 chars in length
400 if LEQL query is invalid. Validation: 1-1024 chars in length

Sample Call

python
1
import base64
2
import datetime
3
import hashlib
4
import hmac
5
import json
6
import requests
7
8
rw_key = "37885dd4-e870-4761-84bd-13622451ae5e"
9
uri = 'query/saved_queries'
10
body = {
11
        "saved_query": {
12
            "logs": [],
13
            "leql": {
14
                "during": {
15
                    "to": null,
16
                    "from": null,
17
                    "time_range": null
18
                },
19
                "statement": "where(foo=bar)"
20
            },
21
            "name": "MySearch"
22
        }
23
    }
24
25
def create_query():
26
    url = "https://us.rest.logs.insight.rapid7.com/" + uri
27
    headers = {
28
        'x-api-key': rw_key,
29
        "Content-Type": "application/json"
30
    }
31
    r = requests.post(url, data=json.dumps(body, separators=(',', ':')), headers=headers)
32
    print r.status_code, r.content
33
34
35
def start():
36
    create_query()
37
38
if __name__ == '__main__':
39
    start()

Notes

Did this page help you?

REST API

GET All Saved Queries

REST API

PUT Saved Query