Create a Single Data Access Rule¶
POST /api/v1/logging_query_rule/add
Overview¶
Create a single data access rule
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Name (Added in iteration on 2024-09-04, default name: creator_creation time) Can be null: False Can be empty string: False Maximum length: 64 |
| desc | string | No | Description (Added in iteration on 2024-09-04) Example: Description1 Can be null: False Can be empty string: True Maximum length: 256 |
| indexes | array | Yes | Index UUIDs, [""] indicates all Example: [''] Can be null: False |
| roleUUIDs | array | Yes | List of roles Example: [] Can be null: False |
| conditions | string | Yes | Filtering conditions for search Example: search Can be null: False |
| extend | json | Yes | Custom extension fields for the frontend Example: xxx Can be null: False |
| logic | string | Yes | Logical operator Example: or Can be null: False |
| maskFields | string | No | Sensitive fields, multiple fields separated by commas Example: message,host Can be null: False Can be empty string: True |
| reExprs | array | No | Regular expressions Example: [{'name': 'jjj', 'reExpr': 'ss', 'enable': 0}, {'name': 'lll', 'reExpr': 'ss', 'enable': 1}] Can be null: False |
Additional Parameter Explanation¶
Data explanation.*
1. Role Authorization Access Explanation 1. Specified roles can only query data within the specified query range. 2. If a user has multiple roles and some of these roles are not included in this rule, then this data access rule will not apply to the user, i.e., it does not restrict the query range. 3. Multiple log data access rules within a workspace have an "or" relationship.
2. Request Parameter Explanation
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Name |
| desc | string | No | Description |
| indexes | array | Yes | Log index information; if the index is from another workspace (must be authorized), use WorkspaceUUID:IndexUUID, e.g., ["wksp_111:lgim_222", "wksp_333:lgim_444"] |
| roleUUIDs | array | Yes | List of role UUIDs |
| conditions | string | No | Actual filtering conditions used for data scope, e.g., "device IN ['PC'] and session_has_replay IN ['1']" |
| extend | dict | Yes | Extension fields to store structured content of conditions for frontend display, e.g., |
| logic | string | No | Logical operator, and/or, used to connect filtering conditions |
| maskFields | string | No | Sensitive fields, multiple fields separated by commas |
| reExprs | array | No | Regular expressions, e.g., [{"name":"1111","enable":true,"reExpr":"tkn_[\da-z]*"},{"name":"liuyltest","enable":true,"reExpr":"test"}] |
Request Example¶
curl 'https://openapi.guance.com/api/v1/logging_query_rule/add' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw $'{"name":"temp_test","desc":"test openapi","roleUUIDs":["general","role_3ac3042991c046f0b03452771012b268"],"indexes":["wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b","wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"],"extend":{"city":["Tafuna"]},"maskFields":"message","logic":"and","reExprs":[{"name":"Mask QQ Email","reExpr":"[a-zA-Z0-9_]+@qq.com","enable":true}],"conditions":"`city` IN [\'Tafuna\']"}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "`city` IN ['Tafuna']",
"createAt": 1730529443,
"creator": "wsak_cd83804176e24ac18a8a683260ab0746",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"dd": "dd",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"desc": "test openapi",
"extend": {
"city": [
"Tafuna"
]
},
"id": null,
"indexes": [
"wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b",
"wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"
],
"logic": "and",
"maskFields": "message",
"name": "temp_test",
"reExprs": [
{
"enable": true,
"name": "Mask QQ Email",
"reExpr": "[a-zA-Z0-9_]+@qq.com"
}
],
"roleUUIDs": [
"general",
"role_3ac3042991c046f0b03452771012b268"
],
"sources": [],
"status": 0,
"type": "logging",
"updateAt": null,
"updator": null,
"uuid": "lqrl_9f1de1d1440f4af5917a534299d0ad09",
"workspaceUUID": "wksp_4b57c7bab38e4a2d9630f675dc20015d"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-25C229E5-150F-4DF1-8576-DE17259B7A16"
}