Get a search’s results by an account and search ID.

Basic Parameters

ParameterDescription
Account IDThe user account ID.
Search IDThe search ID.

Advanced Parameters

ParameterDescription
DetailsReturn extra details about the search. Default value is False.
LimitLimit the number of elements on the response, default value is 100.
Next TokenThe next_token from a previous request to continue paging results.
OffsetOffset within a results page.
Selected Rowslist of result rows numbers, separated by comma (e.g. “2,5,29,31,45,99,100”). The length of the list is limited by the general requirements for the size of the GET request (2048 bytes, including URL). List should be encoded. If the requested row does not belong to the already found rows then it’ll not be returned.

Example Output

{
	"total_found": 11,
	"status_details": "<string>",
	"search_uuid": "<string>",
	"search_status": "<string>",
	"search_start": 1923341657,
	"search_end": 1798093897,
	"results": {
		"records": [
			{
				"id": {
					"msgid": "<string>",
					"datatype": "<string>",
					"aid": 2,
					"account": 196709416
				},
				"fields": {
					"Windows Event ID": "<string>",
					"User Name": [
						"<string>",
						"<string>"
					],
					"Timestamp UTC+8": "<string>",
					"Src Host Name": "<string>",
					"Src Host": null,
					"Reason": null,
					"Message Type": "<string>",
					"Message": "<string>",
					"Logon Substatus": null,
					"Logon Status": null
				}
			},
			{
				"id": {
					"msgid": "<string>",
					"datatype": "<string>",
					"aid": 1,
					"account": 115008758
				},
				"fields": {
					"Windows Event ID": "<string>",
					"User Name": [
						"<string>",
						"<string>"
					],
					"Timestamp UTC+8": "<string>",
					"Src Host Name": null,
					"Src Host": null,
					"Reason": null,
					"Message Type": "<string>",
					"Message": "<string>",
					"Logon Substatus": null,
					"Logon Status": null
				}
			}
		],
		"metadata": {
			"Windows Event ID": "<string>",
			"User Name": "<string>",
			"Timestamp UTC+8": null,
			"Src Host Name": "<string>",
			"Src Host": "<string>",
			"Reason": "<string>",
			"Message Type": "<string>",
			"Message": "<string>",
			"Logon Substatus": "<string>",
			"Logon Status": "<string>"
		},
		"columns": [
			"<string>",
			"<string>"
		]
	},
	"remaining": 2,
	"offset": 2,
	"external_details": "<string>",
	"data_type": "<string>",
	"account_id": "<string>"
}

Workflow Library Example

Get Search Results with Alert Logic and Send Results Via Email

Preview this Workflow on desktop

Get a search’s results by an account and search ID.

Basic Parameters

ParameterDescription
Account IDThe user account ID.
Search IDThe search ID.

Advanced Parameters

ParameterDescription
DetailsReturn extra details about the search. Default value is False.
LimitLimit the number of elements on the response, default value is 100.
Next TokenThe next_token from a previous request to continue paging results.
OffsetOffset within a results page.
Selected Rowslist of result rows numbers, separated by comma (e.g. “2,5,29,31,45,99,100”). The length of the list is limited by the general requirements for the size of the GET request (2048 bytes, including URL). List should be encoded. If the requested row does not belong to the already found rows then it’ll not be returned.

Example Output

{
	"total_found": 11,
	"status_details": "<string>",
	"search_uuid": "<string>",
	"search_status": "<string>",
	"search_start": 1923341657,
	"search_end": 1798093897,
	"results": {
		"records": [
			{
				"id": {
					"msgid": "<string>",
					"datatype": "<string>",
					"aid": 2,
					"account": 196709416
				},
				"fields": {
					"Windows Event ID": "<string>",
					"User Name": [
						"<string>",
						"<string>"
					],
					"Timestamp UTC+8": "<string>",
					"Src Host Name": "<string>",
					"Src Host": null,
					"Reason": null,
					"Message Type": "<string>",
					"Message": "<string>",
					"Logon Substatus": null,
					"Logon Status": null
				}
			},
			{
				"id": {
					"msgid": "<string>",
					"datatype": "<string>",
					"aid": 1,
					"account": 115008758
				},
				"fields": {
					"Windows Event ID": "<string>",
					"User Name": [
						"<string>",
						"<string>"
					],
					"Timestamp UTC+8": "<string>",
					"Src Host Name": null,
					"Src Host": null,
					"Reason": null,
					"Message Type": "<string>",
					"Message": "<string>",
					"Logon Substatus": null,
					"Logon Status": null
				}
			}
		],
		"metadata": {
			"Windows Event ID": "<string>",
			"User Name": "<string>",
			"Timestamp UTC+8": null,
			"Src Host Name": "<string>",
			"Src Host": "<string>",
			"Reason": "<string>",
			"Message Type": "<string>",
			"Message": "<string>",
			"Logon Substatus": "<string>",
			"Logon Status": "<string>"
		},
		"columns": [
			"<string>",
			"<string>"
		]
	},
	"remaining": 2,
	"offset": 2,
	"external_details": "<string>",
	"data_type": "<string>",
	"account_id": "<string>"
}

Workflow Library Example

Get Search Results with Alert Logic and Send Results Via Email

Preview this Workflow on desktop