Retrieve Ariel Search Progress - BlinkOps Documentation

Parameters
Example Output
Workflow Library Example

Retrieve status and metadata for Qradar AQL query executed by the Perform Ariel Search action.

External DocumentationTo learn more, visit the QRadar documentation.

Parameters

Parameter	Description
Search ID	The ID of an Ariel search. Can be obtained by using the `Perform Ariel Search` action.
Time To Wait	The number of `seconds` to wait for the search to complete.

Example Output

{
	"cursor_id": "s16",
	"compressed_data_file_count": 0,
	"compressed_data_total_size": 0,
	"data_file_count": 5470,
	"data_total_size": 67183115,
	"index_file_count": 0,
	"index_total_size": 0,
	"processed_record_count": 1256462,
	"error_messages": [
		{
			"code": "String",
			"contexts": [
				"String"
			],
			"message": "String",
			"severity": "String <one of: INFO, WARN, ERROR>"
		}
	],
	"desired_retention_time_msec": 86400000,
	"progress": 46,
	"progress_details": [
		0
	],
	"query_execution_time": 1480,
	"query_string": "SELECT sourceip, starttime, qid, sourceport  from events into s16 where sourceip in (select destinationip from events) parameters snapshotsize=2, PROGRESSDETAILSRESOLUTION=10",
	"record_count": 1240923,
	"save_results": false,
	"status": "String <one of: WAIT, EXECUTE, SORTING, COMPLETED, CANCELED, ERROR>",
	"snapshot": {
		"events": [
			{
				"sourceip": "10.100.65.20",
				"starttime": 1467049610018,
				"qid": 10034,
				"sourceport": 13675
			}
		]
	},
	"subsearch_ids": [
		"sub_id_1"
	],
	"search_id": "s16"
}

Workflow Library Example

Retrieve Ariel Search Progress with Qradar and Send Results Via Email

Preview this Workflow on desktop

QRadar Custom Action Retrieve Ariel Search Result

⌘I

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example