Create¶
POST /api/v1/logging_query_rule/add
Overview¶
Create a single data access rule
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Name (Added in 2024-09-04 iteration, default name, creator_creation time) Allow null: False Allow empty string: False Max length: 64 |
|
| desc | string | Description (Added in 2024-09-04 iteration) Example: Description1 Allow null: False Allow empty string: True Max length: 256 |
|
| indexes | array | Y | Index uuid, [""] means all Example: [''] Allow null: False |
| roleUUIDs | array | Y | List of roles Example: [] Allow null: False |
| conditions | string | Y | Filter search Example: search Allow null: False |
| extend | json | Frontend custom extension field Example: xxx Allow null: False |
|
| logic | string | Y | Logic field Example: or Allow null: False |
| maskFields | string | Masking fields, multiple fields separated by commas Example: message,host Allow null: False Allow empty string: True |
|
| reExprs | array | Regular expressions Example: [{'name': 'jjj', 'reExpr': 'ss', 'enable': 0}, {'name': 'lll', 'reExpr': 'ss', 'enable': 1}] Allow null: False |
Parameter Supplementary Explanation¶
Data explanation.*
1. Role authorization access explanation 1. Specified roles can only query data within the specified query scope 2. If a user has multiple roles, and one of the user's roles is not included in the roles of this rule, then this data access rule will not take effect for that user, meaning the query scope is not restricted 3. The logical relationship between multiple log data access rules in a workspace is OR
2. Request parameter explanation
| Parameter Name | type | Required | Description |
|---|---|---|---|
| name | string | Y | Name |
| desc | String | N | Description |
| indexes | array | Y | Log index information. For index authorization from a non-local workspace (must be authorized by the workspace), use workspace UUID:index UUID, e.g., ["wksp_111:lgim_222", "wksp_333:lgim_444"] |
| roleUUIDs | array | Y | List of role UUIDs |
| conditions | string | N | Actual filter condition for the data scope, e.g., "device IN ['PC'] and session_has_replay IN ['1']" |
| extend | dict | Y | Extension field, storing the structured content of conditions for frontend page display, e.g., |
| logic | string | N | Logic field, and/or, used to connect filter conditions |
| maskFields | string | N | Masking fields, multiple fields separated by commas |
| reExprs | array | N | Regular expressions, e.g., [{"name":"1111","enable":true,"reExpr":"tkn_[\da-z]*"},{"name":"liuyltest","enable":true,"reExpr":"test"}] |
Request Example¶
curl 'https://openapi.guance.com/api/v1/logging_query_rule/add' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw $'{"name":"temp_test","desc":"test openapi","roleUUIDs":["general","role_3ac3042991c046f0b03452771012b268"],"indexes":["wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b","wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"],"extend":{"city":["Tafuna"]},"maskFields":"message","logic":"and","reExprs":[{"name":"qq email maxk","reExpr":"[a-zA-Z0-9_]+@guance.com","enable":true}],"conditions":"`city` IN [\'Tafuna\']"}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "`city` IN ['Tafuna']",
"createAt": 1730529443,
"creator": "wsak_cd83804176e24ac18a8a683260ab0746",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"dd": "dd",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"desc": "test openapi",
"extend": {
"city": [
"Tafuna"
]
},
"id": null,
"indexes": [
"wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b",
"wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"
],
"logic": "and",
"maskFields": "message",
"name": "temp_test",
"reExprs": [
{
"enable": true,
"name": "qq email maxk",
"reExpr": "[a-zA-Z0-9_]+@guance.com"
}
],
"roleUUIDs": [
"general",
"role_3ac3042991c046f0b03452771012b268"
],
"sources": [],
"status": 0,
"type": "logging",
"updateAt": null,
"updator": null,
"uuid": "lqrl_9f1de1d1440f4af5917a534299d0ad09",
"workspaceUUID": "wksp_4b57c7bab38e4a2d9630f675dc20015d"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-25C229E5-150F-4DF1-8576-DE17259B7A16"
}