Create¶
POST /api/v1/logging_query_rule/add
Overview¶
Create a single data access rule
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Name (Added in the iteration on 2024-09-04, default name: creator_creation time) Nullable: False Allow empty string: False Maximum length: 64 |
|
| desc | string | Description (Added in the iteration on 2024-09-04) Example: Description1 Nullable: False Allow empty string: True Maximum length: 256 |
|
| indexes | array | Y | Index UUIDs, [""] means all Example: [''] Nullable: False |
| roleUUIDs | array | Y | List of roles Example: [] Nullable: False |
| conditions | string | Y | Filtering search Example: search Nullable: False |
| extend | json | Frontend custom extension fields Example: xxx Nullable: False |
|
| logic | string | Y | Logic field Example: or Nullable: False |
| maskFields | string | Masking fields, multiple fields separated by commas Example: message,host Nullable: False Allow empty string: True |
|
| reExprs | array | Regular expressions Example: [{'name': 'jjj', 'reExpr': 'ss', 'enable': 0}, {'name': 'lll', 'reExpr': 'ss', 'enable': 1}] Nullable: False |
Supplementary Parameter Explanation¶
Data explanation.*
1. Role authorization access explanation 1. Specified roles can only query data within the specified query range. 2. If a user has multiple roles and some roles are not included in this rule's roles, then this data access rule will not apply to that user, meaning no restriction on the query scope. 3. The logical relationship between multiple log data access rules in a workspace is an "or" relationship.
2. Request parameter explanation
| Parameter Name | type | Required | Description |
|---|---|---|---|
| name | string | Y | Name |
| desc | String | N | Description |
| indexes | array | Y | Log index information, if it is an index authorization outside this workspace (must be authorized by workspace), use WorkspaceUUID:IndexUUID, for example: ["wksp_111:lgim_222", "wksp_333:lgim_444"] |
| roleUUIDs | array | Y | List of role UUIDs |
| conditions | string | N | Actual filtering conditions used for the data range, for example: "device IN ['PC'] and session_has_replay IN ['1']" |
| extend | dict | Y | Extension fields, storing the structure content of conditions, used for frontend page display, for example: |
| logic | string | N | Logical field, and/or, used to connect filtering conditions |
| maskFields | string | N | Masking fields, multiple fields separated by commas |
| reExprs | array | N | Regular expressions, for example: [{"name":"1111","enable":true,"reExpr":"tkn_[\da-z]*"},{"name":"liuyltest","enable":true,"reExpr":"test"}] |
Request Example¶
curl 'https://openapi.guance.com/api/v1/logging_query_rule/add' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw $'{"name":"temp_test","desc":"test openapi","roleUUIDs":["general","role_3ac3042991c046f0b03452771012b268"],"indexes":["wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b","wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"],"extend":{"city":["Tafuna"]},"maskFields":"message","logic":"and","reExprs":[{"name":"Mask QQ email","reExpr":"[a-zA-Z0-9_]+@guance.com","enable":true}],"conditions":"`city` IN [\'Tafuna\']"}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "`city` IN ['Tafuna']",
"createAt": 1730529443,
"creator": "wsak_cd83804176e24ac18a8a683260ab0746",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"dd": "dd",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"desc": "test openapi",
"extend": {
"city": [
"Tafuna"
]
},
"id": null,
"indexes": [
"wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b",
"wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"
],
"logic": "and",
"maskFields": "message",
"name": "temp_test",
"reExprs": [
{
"enable": true,
"name": "Mask QQ email",
"reExpr": "[a-zA-Z0-9_]+@guance.com"
}
],
"roleUUIDs": [
"general",
"role_3ac3042991c046f0b03452771012b268"
],
"sources": [],
"status": 0,
"type": "logging",
"updateAt": null,
"updator": null,
"uuid": "lqrl_9f1de1d1440f4af5917a534299d0ad09",
"workspaceUUID": "wksp_4b57c7bab38e4a2d9630f675dc20015d"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-25C229E5-150F-4DF1-8576-DE17259B7A16"
}