Retrieve the status and metadata of a QRadar AQL query executed by the Perform Ariel Search action.
Parameters
| Parameter | Description |
|---|---|
| Search ID | The ID of an Ariel search. Can be obtained by using the Perform Ariel Search action. |
| Time To Wait | The number of seconds to wait for the search to complete. |
Example Output
```json
{
  "cursor_id": "s16",
  "compressed_data_file_count": 0,
  "compressed_data_total_size": 0,
  "data_file_count": 5470,
  "data_total_size": 67183115,
  "index_file_count": 0,
  "index_total_size": 0,
  "processed_record_count": 1256462,
  "error_messages": [
    {
      "code": "String",
      "contexts": [
        "String"
      ],
      "message": "String",
      "severity": "String <one of: INFO, WARN, ERROR>"
    }
  ],
  "desired_retention_time_msec": 86400000,
  "progress": 46,
  "progress_details": [
    0
  ],
  "query_execution_time": 1480,
  "query_string": "SELECT sourceip, starttime, qid, sourceport from events into s16 where sourceip in (select destinationip from events) parameters snapshotsize=2, PROGRESSDETAILSRESOLUTION=10",
  "record_count": 1240923,
  "save_results": false,
  "status": "String <one of: WAIT, EXECUTE, SORTING, COMPLETED, CANCELED, ERROR>",
  "snapshot": {
    "events": [
      {
        "sourceip": "10.100.65.20",
        "starttime": 1467049610018,
        "qid": 10034,
        "sourceport": 13675
      }
    ]
  },
  "subsearch_ids": [
    "sub_id_1"
  ],
  "search_id": "s16"
}
```
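The following is an added example, not part of the Blink or QRadar documentation, showing how a later workflow step could act on this output so that downstream logic only consumes results from a search that has finished cleanly. The function name `evaluate_search`, the decision labels and the sample documents are constructed for illustration; treating any ERROR-severity message as a failure, and failing closed on an unknown status, are this example's own policy.

```python
import json

# Status values taken from the example output above.
IN_PROGRESS = {"WAIT", "EXECUTE", "SORTING"}
FAILED = {"CANCELED", "ERROR"}


def evaluate_search(doc):
    """Return (decision, details) for one search-status document.

    decision is "fetch_results", "poll_again" or "fail" (hypothetical labels).
    """
    status = doc.get("status")
    # Keep only ERROR-severity messages; INFO and WARN are not treated as fatal.
    errors = [m.get("message", "") for m in doc.get("error_messages") or []
              if m.get("severity") == "ERROR"]
    details = {
        "search_id": doc.get("search_id"),
        "status": status,
        "progress": doc.get("progress"),
        "errors": errors,
    }
    if status in FAILED or errors:
        return "fail", details
    if status == "COMPLETED":
        return "fetch_results", details
    if status in IN_PROGRESS:
        # Time To Wait elapsed before the search finished; counts are not final.
        return "poll_again", details
    # Missing or unrecognised status: fail closed rather than act on the data.
    return "fail", details


# Constructed sample documents, trimmed to the fields used here.
SAMPLE_RUNNING = json.loads(
    '{"search_id": "s16", "status": "EXECUTE", "progress": 46, "error_messages": []}'
)
SAMPLE_FAILED = json.loads("""
{"search_id": "s16", "status": "COMPLETED", "progress": 100,
 "error_messages": [{"code": "X", "contexts": [],
                     "message": "constructed error", "severity": "ERROR"}]}
""")

if __name__ == "__main__":
    for sample in (SAMPLE_RUNNING, SAMPLE_FAILED):
        print(evaluate_search(sample))
```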
Workflow Library Example
Retrieve Ariel Search Progress with Qradar and Send Results Via Email