Submit Search
Create and submit a search.
Basic Parameters
| Parameter | Description |
|---|---|
| Account ID | The user account ID. |
| Query Type | The type of the query(SQL or JSON). |
| Search Query | Query for the search in SQL or JSON format. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Child Accounts | Option to specify child accounts and run a search in cross-account mode. It can be either all or a comma-separated list of accounts. all option forces the Search to get all children of account_id by itself. |
| End | Option to specify end of search query time frame in unix time format. Must be used with start parameter together. Timeframe specified this way is ignored if search query has exact timeframe conditions. |
| Execution Mode | Flag to force search in the specific execution mode. shared option forces the search engine to use both Lambda and ECS resources. ecs option forces the search engine to use only ECS resources. Note setting this option requires additional permissions. Default value is shared. |
| Search Timeframe Type | The type of the search timeframe. |
| Search Type | Flag to force search of specific type, auto option (by default) allows search engine to start interactive search if query allows such, overwise it starts batch search. batch option forces search engine to run given search in batch mode explicitly. report option forces search engine to run search in background batch mode. Default value is auto. |
| Start | Option to specify start of search query time frame in unix time format. Must be used with end parameter together. Timeframe specified this way is ignored if search query has exact timeframe conditions. |
| Timeframe | Option to specify search time frame duration as past seconds. Timeframe specified this way is ignored if search query has exact timeframe conditions. |
Example Output
{
"account_id": "10110100",
"search_status": "pending",
"status_details": "pending",
"external_details": "pending",
"search_uuid": "41A1DA2A-5118-4365-B361-E6BF3AD2673A",
}
Workflow Library Example
Submit Search with Alert Logic and Send Results Via Email
Preview this Workflow on desktop