Foundry LogScale
The Foundry LogScale service collection provides operations for ingesting data, managing lookup files, executing saved searches, and listing repositories and views within your CrowdStrike Falcon Foundry LogScale environment.
| Language | Last Update |
|---|---|
| Python | v1.6.1 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
| Operation | Description |
|---|---|
| ListReposV1 / list_repos | Lists available repositories and views |
| IngestDataAsyncV1 / ingest_data_async | Ingest data into the application repository asynchronously |
| IngestDataV1 / ingest_data | Ingest data into the application repository |
| CreateFileV1 / create_file | Creates a lookup file. |
| UpdateFileV1 / update_file | Updates a lookup file. |
| CreateSavedSearchesDynamicExecuteV1 / execute_dynamic | Execute a dynamic saved search |
| GetSavedSearchesExecuteV1 / get_search_results | Get the results of a saved search |
| CreateSavedSearchesExecuteV1 / execute | Execute a saved search |
| CreateSavedSearchesIngestV1 / populate | Populate a saved search |
| GetSavedSearchesJobResultsDownloadV1 / download_results | Get the results of a saved search as a file |
| ListViewV1 / list_views | List views |
ListReposV1
Lists available repositories and views
GET /loggingapi/combined/repos/v1
PEP 8 method name: list_repos
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| check_test_data | query | boolean | Include whether test data is present in the application repository. |
Code Examples
from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.list_repos(check_test_data=boolean)print(response)from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ListReposV1(check_test_data=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ListReposV1", check_test_data=boolean)print(response)Get-FalconFoundryRepositorypackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
checkTestData := boolean
response, err := client.FoundryLogscale.ListRepos( &foundry_logscale.ListReposParams{ CheckTestData: &checkTestData, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.foundryLogscale.listRepos(boolean); // checkTestData
console.log(response);use rusty_falcon::apis::foundry_logscale_api::list_repos_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = list_repos_v1( &falcon.cfg, // configuration Some(boolean), // check_test_data ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::FoundryLogscale.new
response = api.list_repos_v1(check_test_data: boolean)
puts response
IngestDataAsyncV1
Ingest data into the application repository asynchronously
POST /loggingapi/entities/data-ingestion/ingest-async/v1
PEP 8 method name: ingest_data_async
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| data_content | formData | string | JSON data to ingest. |
| data_file | formData | file | Data file to ingest. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| repo | formData | string | Repository name to ingest data into. (If not part of a Foundry application.) |
| tag | formData | string or list of strings | Custom tag for ingested data in the form tag:value. |
| tag_source | formData | string | Tag the data with the specified source. |
| test_data | formData | boolean | Tag the data with test-ingest. |
Code Examples
from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ingest_data_async(data_content="string", data_file="string", tag="string", tag_source="string", test_data=boolean)print(response)from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.IngestDataAsyncV1(data_content="string", data_file="string", tag="string", tag_source="string", test_data=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("IngestDataAsyncV1", data_content="string", data_file="string", repo="string", tag="string", tag_source="string", test_data=boolean)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
dataContent := "string" repo := "string" tagSource := "string" testData := boolean
response, err := client.FoundryLogscale.IngestDataAsyncV1( &foundry_logscale.IngestDataAsyncV1Params{ DataContent: &dataContent, Repo: &repo, Tag: []string{"ID1", "ID2", "ID3"}, TagSource: &tagSource, TestData: &testData, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.foundryLogscale.ingestDataAsyncV1( "string", // dataContent "string", // dataFile "string", // repo ["ID1", "ID2", "ID3"], // tag "string", // tagSource boolean // testData);
console.log(response);use rusty_falcon::apis::foundry_logscale_api::ingest_data_async_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = ingest_data_async_v1( &falcon.cfg, // configuration Some("string"), // data_content Some(std::path::PathBuf::default()), // data_file Some("string"), // repo Some(vec!["string".to_string()]), // tag Some("string"), // tag_source Some(boolean), // test_data ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::FoundryLogscale.new
response = api.ingest_data_async_v1(data_content: 'string', repo: 'string', tag: ['ID1', 'ID2', 'ID3'], tag_source: 'string', test_data: boolean)
puts response
IngestDataV1
Ingest data into the application repository
POST /loggingapi/entities/data-ingestion/ingest/v1
PEP 8 method name: ingest_data
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| data_content | formData | string | JSON data to ingest. |
| data_file | formData | file | Data file to ingest. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| tag | formData | string or list of strings | Custom tag for ingested data in the form tag:value. |
| tag_source | formData | string | Tag the data with the specified source. |
| test_data | formData | boolean | Tag the data with test-ingest. |
Code Examples
from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ingest_data(data_content="string", data_file="string", tag="string", tag_source="string", test_data=boolean)print(response)from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.IngestDataV1(data_content="string", data_file="string", tag="string", tag_source="string", test_data=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("IngestDataV1", data_content="string", data_file="string", tag="string", tag_source="string", test_data=boolean)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
dataContent := "string" tagSource := "string" testData := boolean
response, err := client.FoundryLogscale.IngestData( &foundry_logscale.IngestDataParams{ DataContent: &dataContent, Tag: []string{"ID1", "ID2", "ID3"}, TagSource: &tagSource, TestData: &testData, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.foundryLogscale.ingestData( "string", // dataContent "string", // dataFile ["ID1", "ID2", "ID3"], // tag "string", // tagSource boolean // testData);
console.log(response);use rusty_falcon::apis::foundry_logscale_api::ingest_data_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = ingest_data_v1( &falcon.cfg, // configuration Some("string"), // data_content Some(std::path::PathBuf::default()), // data_file Some(vec!["string".to_string()]), // tag Some("string"), // tag_source Some(boolean), // test_data ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::FoundryLogscale.new
response = api.ingest_data_v1(data_content: 'string', tag: ['ID1', 'ID2', 'ID3'], tag_source: 'string', test_data: boolean)
puts response
CreateFileV1
Creates a lookup file.
POST /loggingapi/entities/lookup-files/v1
PEP 8 method name: create_file
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| data_file | formData | file | File to be uploaded. file is also accepted for this parameter. |
| name | formData | string | Name used to identify the file. |
| description | formData | string | File description. |
| id | formData | string | Unique identifier of the file being updated. |
| repo | formData | string | Name of repository or view to save the file. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_file(data_file="string", name="string", description="string", id="string", repo="string")print(response)from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.CreateFileV1(data_file="string", name="string", description="string", id="string", repo="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("CreateFileV1", file_data=open("filename", "rb").read(), name="string", description="string", id="string", repo="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/lookup_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" iD := "string" repo := "string"
response, err := client.LookupFiles.CreateFileV1( &lookup_files.CreateFileV1Params{ Name: "string", Description: &description, ID: &iD, Repo: &repo, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.lookupFiles.createFileV1( "string", // file "string", // name "string", // xCSUSERNAME "string", // description "string", // id "string" // repo);
console.log(response);use rusty_falcon::apis::lookup_files_api::create_file_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = create_file_v1( &falcon.cfg, // configuration std::path::PathBuf::default(), // file "string", // name Some("string"), // x_cs_username Some("string"), // x_cs_useruuid Some("string"), // description Some("string"), // id Some("string"), // repo ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::LookupFiles.new
response = api.create_file_v1('string', 'string')
puts response
UpdateFileV1
Updates a lookup file.
PATCH /loggingapi/entities/lookup-files/v1
PEP 8 method name: update_file
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| id | formData | string | Unique identifier of the file being updated. |
| description | formData | string | File description. |
| data_file | formData | file | File to be uploaded. file is also accepted for this parameter. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_file(data_file="string", description="string", id="string")print(response)from falconpy import FoundryLogScale
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.UpdateFileV1(data_file="string", description="string", id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("UpdateFileV1", id="string", description="string", file_data=open("filename", "rb").read())print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/lookup_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string"
response, err := client.LookupFiles.UpdateFileV1( &lookup_files.UpdateFileV1Params{ ID: "string", Description: &description, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.lookupFiles.updateFileV1( "string", // id "string", // xCSUSERNAME "string", // description "string" // file);
console.log(response);use rusty_falcon::apis::lookup_files_api::update_file_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = update_file_v1( &falcon.cfg, // configuration "string", // id Some("string"), // x_cs_username Some("string"), // x_cs_useruuid Some("string"), // description Some(std::path::PathBuf::default()), // file ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::LookupFiles.new
response = api.update_file_v1('string')
puts response
CreateSavedSearchesDynamicExecuteV1
Execute a dynamic saved search
POST /loggingapi/entities/saved-searches/execute-dynamic/v1
PEP 8 method name: execute_dynamic
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| app_id | query | string | Application ID |
| end | body | string | Dynamic search end |
| include_schema_generation | query | boolean | Include generated schemas in the response |
| include_test_data | query | boolean | Include test data when executing searches |
| infer_json_types | query | boolean | Whether to try to infer data types in json event response instead of returning map[string]string. |
| match_response_schema | query | boolean | Whether to validate search results against their schema. |
| metadata | query | boolean | Whether to include metadata in the response |
| mode | query | string | Mode to execute the query under. |
| body | body | dictionary | Full body payload in JSON format, not required if using other keywords. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| repo_or_view | body | string | Repository or view to search |
| search_query | body | string | Search query to perform |
| search_query_args | body | dictionary | Search query arguments to leverage when processing the query |
| start | body | string | Dynamic search start |
Code Examples
from falconpy import FoundryLogScale
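# Service class example using the PEP 8 method name (execute_dynamic).
# CLIENT_ID / CLIENT_SECRET are not defined in this snippet; the other language
# examples on this page read the equivalent values from FALCON_CLIENT_ID and
# FALCON_CLIENT_SECRET environment variables. The bare `boolean` names stand in
# for True/False values supplied by the caller.
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Search query arguments to leverage when processing the query (empty here).
search_query_args = {}

response = falcon.execute_dynamic(
    app_id="string",
    end="string",
    include_schema_generation=boolean,
    # Keyword spelled as in the parameter table (was "incude_test_data").
    include_test_data=boolean,
    # The parameter table lists this as a boolean, not a string.
    infer_json_types=boolean,
    match_response_schema=boolean,
    metadata=boolean,
    mode="string",
    repo_or_view="string",
    search_query="string",
    search_query_args=search_query_args,
    start="string",
)
print(response)
# The import below opens the next example, which makes the same call using the
# operation ID (CreateSavedSearchesDynamicExecuteV1) as the method name.
from falconpy import FoundryLogScale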
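# Service class example using the operation ID as the method name.
# CLIENT_ID / CLIENT_SECRET are not defined in this snippet; the other language
# examples on this page read the equivalent values from FALCON_CLIENT_ID and
# FALCON_CLIENT_SECRET environment variables. The bare `boolean` names stand in
# for True/False values supplied by the caller.
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Search query arguments to leverage when processing the query (empty here).
search_query_args = {}

response = falcon.CreateSavedSearchesDynamicExecuteV1(
    app_id="string",
    end="string",
    include_schema_generation=boolean,
    # Keyword spelled as in the parameter table (was "incude_test_data").
    include_test_data=boolean,
    # The parameter table lists this as a boolean, not a string.
    infer_json_types=boolean,
    match_response_schema=boolean,
    metadata=boolean,
    mode="string",
    repo_or_view="string",
    search_query="string",
    search_query_args=search_query_args,
    start="string",
)
print(response)
# The import below opens the next example, which uses the APIHarnessV2 class.
from falconpy import APIHarnessV2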
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "end": "string", "repo_or_view": "string", "search_query": "string", "search_query_args": {}, "start": "string"}
response = falcon.command("CreateSavedSearchesDynamicExecuteV1", app_id="string", include_schema_generation=boolean, include_test_data=boolean, infer_json_types=boolean, match_response_schema=boolean, metadata=boolean, mode="string", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
end := "string" repo_or_view := "string" search_query := "string" start := "string" appID := "string" includeSchemaGeneration := boolean includeTestData := boolean inferJSONTypes := boolean matchResponseSchema := boolean metadata := boolean mode := "string"
response, err := client.FoundryLogscale.ExecuteDynamic( &foundry_logscale.ExecuteDynamicParams{ Body: &models.ApidomainDynamicExecuteSearchRequestV1{ End: &end, RepoOrView: &repo_or_view, SearchQuery: &search_query, SearchQueryArgs: &struct{}{}, Start: &start, }, AppID: &appID, IncludeSchemaGeneration: &includeSchemaGeneration, IncludeTestData: &includeTestData, InferJSONTypes: &inferJSONTypes, MatchResponseSchema: &matchResponseSchema, Metadata: &metadata, Mode: &mode, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.foundryLogscale.executeDynamic( { // body end: "string", repoOrView: "string", searchQuery: "string", searchQueryArgs: {}, start: "string" }, "string", // appId boolean, // includeSchemaGeneration boolean, // includeTestData boolean, // inferJsonTypes boolean, // matchResponseSchema boolean, // metadata "string" // mode);
console.log(response);use rusty_falcon::apis::foundry_logscale_api::create_saved_searches_dynamic_execute_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApidomainDynamicExecuteSearchRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApidomainDynamicExecuteSearchRequestV1 { repo_or_view: Some("string".to_string()), search_query: Some("string".to_string()), search_query_args: Default::default(), ..Default::default() };
let response = create_saved_searches_dynamic_execute_v1( &falcon.cfg, // configuration body, // body Some("string"), // app_id Some(boolean), // include_schema_generation Some(boolean), // include_test_data Some(boolean), // infer_json_types Some(boolean), // match_response_schema Some(boolean), // metadata Some("string"), // mode Some("string"), // x_cs_useruuid ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::FoundryLogscale.new
body = { end: 'string', repo_or_view: 'string', search_query: 'string', search_query_args: {}, start: 'string'}
response = api.create_saved_searches_dynamic_execute_v1(body)
puts response
GetSavedSearchesExecuteV1
Get the results of a saved search
GET /loggingapi/entities/saved-searches/execute/v1
PEP 8 method name: get_search_results
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| app_id | query | string | Application ID |
| job_id | query | string | Job ID for a previously executed async query |
| job_status_only | query | boolean | If set to true, result rows are dropped from the response and only the job status is returned |
| limit | query | string | Maximum number of records to return. |
| infer_json_types | query | boolean | Whether to try to infer data types in json event response instead of returning map[string]string. |
| match_response_schema | query | boolean | Whether to validate search results against their schema. |
| metadata | query | boolean | Whether to include metadata in the response |
| offset | query | string | Starting pagination offset of records to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| version | query | string | Version of resource being created |
Code Examples
from falconpy import FoundryLogScale
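# Service class example using the PEP 8 method name (get_search_results).
# CLIENT_ID / CLIENT_SECRET are not defined in this snippet; the other language
# examples on this page read the equivalent values from FALCON_CLIENT_ID and
# FALCON_CLIENT_SECRET environment variables. The bare `boolean` names stand in
# for True/False values supplied by the caller.
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Placeholder types follow the parameter table: job_status_only and
# infer_json_types are booleans, limit is a string.
response = falcon.get_search_results(
    app_id="string",
    job_id="string",
    job_status_only=boolean,
    limit="string",
    infer_json_types=boolean,
    match_response_schema=boolean,
    metadata=boolean,
    offset="string",
)
print(response)
# The import below opens the next example, which makes the same call using the
# operation ID (GetSavedSearchesExecuteV1) as the method name.
from falconpy import FoundryLogScale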
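# Service class example using the operation ID as the method name.
# CLIENT_ID / CLIENT_SECRET are not defined in this snippet; the other language
# examples on this page read the equivalent values from FALCON_CLIENT_ID and
# FALCON_CLIENT_SECRET environment variables. The bare `boolean` names stand in
# for True/False values supplied by the caller.
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Placeholder types follow the parameter table: job_status_only and
# infer_json_types are booleans, limit is a string.
response = falcon.GetSavedSearchesExecuteV1(
    app_id="string",
    job_id="string",
    job_status_only=boolean,
    limit="string",
    infer_json_types=boolean,
    match_response_schema=boolean,
    metadata=boolean,
    offset="string",
)
print(response)
# The import below opens the next example, which uses the APIHarnessV2 class.
from falconpy import APIHarnessV2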
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetSavedSearchesExecuteV1", job_id="string", app_id="string", infer_json_types=boolean, job_status_only=boolean, limit="string", match_response_schema=boolean, metadata=boolean, offset="string")print(response)Get-FalconFoundrySearch -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
appID := "string" inferJSONTypes := boolean jobStatusOnly := boolean limit := "string" matchResponseSchema := boolean metadata := boolean offset := "string"
response, err := client.FoundryLogscale.GetSearchResults( &foundry_logscale.GetSearchResultsParams{ JobID: "string", AppID: &appID, InferJSONTypes: &inferJSONTypes, JobStatusOnly: &jobStatusOnly, Limit: &limit, MatchResponseSchema: &matchResponseSchema, Metadata: &metadata, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.foundryLogscale.getSearchResults( "string", // jobId "string", // appId boolean, // inferJsonTypes boolean, // jobStatusOnly "string", // limit boolean, // matchResponseSchema boolean, // metadata "string" // offset);
console.log(response);use rusty_falcon::apis::foundry_logscale_api::get_saved_searches_execute_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_saved_searches_execute_v1( &falcon.cfg, // configuration "string", // job_id Some("string"), // app_id Some(boolean), // infer_json_types Some(boolean), // job_status_only Some("string"), // limit Some(boolean), // match_response_schema Some(boolean), // metadata Some("string"), // offset Some("string"), // x_cs_useruuid ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::FoundryLogscale.new
response = api.get_saved_searches_execute_v1('string')
puts response
CreateSavedSearchesExecuteV1
Execute a saved search
POST /loggingapi/entities/saved-searches/execute/v1
PEP 8 method name: execute
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| app_id | query | string | Application ID |
| body | body | string | Full body payload in JSON format. Not required if using other keywords. |
| detailed | query | boolean | Whether to include search field details |
| end | body | string | Saved search end. |
| id | body | string | Saved search ID. |
| include_test_data | query | boolean | Include test data when executing searches |
| infer_json_types | query | boolean | Whether to try to infer data types in json event response instead of returning map[string]string. |
| match_response_schema | query | boolean | Whether to validate search results against their schema. |
| metadata | query | boolean | Whether to include metadata in the response |
| mode | body | string | Mode to execute the query under. If provided, takes precedence over the mode provided in the body. |
| name | body | string | Name of the saved search. |
| parameters | query | string | Full query string payload in JSON format. Not required if using other keywords. |
| search_parameters | body | dictionary | Parameters to use for the saved search. |
| start | body | string | Saved search start. |
| version | body | string | Version of resource being created |
| with_in | body | dictionary | Limit search results to field names matching the provided list. |
| with_limit | body | dictionary | Limit search results by a maximum count. |
| with_renames | body | list | Rename fields for display. |
| with_sort | body | dictionary | Apply sort criteria. |
Code Examples
from falconpy import FoundryLogScale
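# Service class example using the PEP 8 method name (execute).
# CLIENT_ID / CLIENT_SECRET are not defined in this snippet; the other language
# examples on this page read the equivalent values from FALCON_CLIENT_ID and
# FALCON_CLIENT_SECRET environment variables. The bare `boolean` names stand in
# for True/False values supplied by the caller.
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Limit search results to field names matching the provided list.
with_in = {
    "field": "string",
    "values": ["string"],
}

# Limit search results by a maximum count.
with_limit = {
    "from": "string",
    "limit": 0,
}

# Rename fields for display.
with_renames = [
    {
        "as": "string",
        "field": "string",
    },
]

# Apply sort criteria. "reverse" uses the Python literal True; the JSON-style
# lowercase `true` is not a defined name in Python.
with_sort = {
    "fields": ["string"],
    "limit": 0,
    "order": ["string"],
    "reverse": True,
    "type": ["string"],
}

response = falcon.execute(
    app_id="string",
    detailed=boolean,
    end="string",
    id="string",
    include_test_data=boolean,
    # The parameter table lists this as a boolean, not a string.
    infer_json_types=boolean,
    match_response_schema=boolean,
    metadata=boolean,
    name="string",
    search_parameters={},
    start="string",
    with_in=with_in,
    with_limit=with_limit,
    with_renames=with_renames,
    with_sort=with_sort,
)
print(response)
# The import below opens the next example, which makes the same call using the
# operation ID (CreateSavedSearchesExecuteV1) as the method name.
from falconpy import FoundryLogScale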
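# Service class example using the operation ID as the method name.
# CLIENT_ID / CLIENT_SECRET are not defined in this snippet; the other language
# examples on this page read the equivalent values from FALCON_CLIENT_ID and
# FALCON_CLIENT_SECRET environment variables. The bare `boolean` names stand in
# for True/False values supplied by the caller.
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Limit search results to field names matching the provided list.
with_in = {
    "field": "string",
    "values": ["string"],
}

# Limit search results by a maximum count.
with_limit = {
    "from": "string",
    "limit": 0,
}

# Rename fields for display.
with_renames = [
    {
        "as": "string",
        "field": "string",
    },
]

# Apply sort criteria. "reverse" uses the Python literal True; the JSON-style
# lowercase `true` is not a defined name in Python.
with_sort = {
    "fields": ["string"],
    "limit": 0,
    "order": ["string"],
    "reverse": True,
    "type": ["string"],
}

response = falcon.CreateSavedSearchesExecuteV1(
    app_id="string",
    detailed=boolean,
    end="string",
    id="string",
    include_test_data=boolean,
    # The parameter table lists this as a boolean, not a string.
    infer_json_types=boolean,
    match_response_schema=boolean,
    metadata=boolean,
    name="string",
    search_parameters={},
    start="string",
    with_in=with_in,
    with_limit=with_limit,
    with_renames=with_renames,
    with_sort=with_sort,
)
print(response)
# The import below opens the next example, which uses the APIHarnessV2 class.
from falconpy import APIHarnessV2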
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "end": "string", "id": "string", "mode": "string", "name": "string", "parameters": {}, "start": "string", "version": "string", "with_in": { "field": "string", "values": ["string"] }, "with_limit": { "from": "string", "limit": integer }, "with_renames": [ { "as": "string", "field": "string" } ], "with_sort": { "fields": ["string"], "limit": integer, "order": ["string"], "reverse": boolean, "type": ["string"] }}
response = falcon.command("CreateSavedSearchesExecuteV1", app_id="string", detailed=boolean, include_test_data=boolean, infer_json_types=boolean, match_response_schema=boolean, metadata=boolean, body=body_payload)print(response)Examples coming soon.
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale"
	"github.com/crowdstrike/gofalcon/falcon/models"
)

// main executes a saved search through the gofalcon client and prints the
// response payload. The bare word boolean and the "string" literals are type
// placeholders to be replaced with real values.
func main() {
	// The API credentials are read from the environment, not from source.
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	// The request takes pointers, so each value gets a named variable first.
	end := "string"
	id := "string"
	mode := "string"
	name := "string"
	start := "string"
	version := "string"
	as := "string"
	field := "string"
	appID := "string"
	detailed := boolean
	includeTestData := boolean
	inferJSONTypes := boolean
	matchResponseSchema := boolean
	metadata := boolean

	response, err := client.FoundryLogscale.Execute(
		&foundry_logscale.ExecuteParams{
			Body: &models.ApidomainSavedSearchExecuteRequestV1{
				End:        &end,
				ID:         &id,
				Mode:       &mode,
				Name:       &name,
				Parameters: &struct{}{},
				Start:      &start,
				Version:    &version,
				// NOTE(review): &struct{}{} and []interface{} stand in for the nested
				// request types. The untyped element literal under WithRenames is not
				// valid Go as written; use the concrete types from the models package.
				WithIn:    &struct{}{},
				WithLimit: &struct{}{},
				WithRenames: []interface{}{
					{
						As:    &as,
						Field: &field,
					},
				},
				WithSort: &struct{}{},
			},
			AppID:               &appID,
			Detailed:            &detailed,
			IncludeTestData:     &includeTestData,
			InferJSONTypes:      &inferJSONTypes,
			MatchResponseSchema: &matchResponseSchema,
			Metadata:            &metadata,
			Context:             context.Background(),
		},
	)
	if err != nil {
		// ErrorExplain turns the API error into the value passed to panic.
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
import { FalconClient } from "crowdstrike-falcon";
// Cloud and credentials come from the environment. The trailing `!` only
// satisfies the type checker; it does not verify that the variables are set.
const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

// integer and boolean are type placeholders: substitute real values.
const response = await client.foundryLogscale.execute(
  {
    // body
    end: "string",
    id: "string",
    mode: "string",
    name: "string",
    parameters: {},
    start: "string",
    version: "string",
    withIn: { field: "string", values: [] },
    withLimit: { from: "string", limit: integer },
    withRenames: [{ as: "string", field: "string" }],
    withSort: { fields: [], limit: integer, order: [], reverse: boolean, type: [] }
  },
  "string", // appId
  boolean, // detailed
  boolean, // includeTestData
  boolean, // inferJsonTypes
  boolean, // matchResponseSchema
  boolean // metadata
);
console.log(response);
use rusty_falcon::apis::foundry_logscale_api::create_saved_searches_execute_v1;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::ApidomainSavedSearchExecuteRequestV1;

/// Executes a saved search and prints the response with its `Debug` formatting.
///
/// `boolean` and `"string"` are type placeholders to be replaced with real values.
#[tokio::main]
async fn main() {
    // NOTE(review): `from_env` presumably reads the API credentials from
    // environment variables; confirm the variable names in the rusty_falcon docs.
    // `expect` panics with the given message if authentication fails.
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    // Every request field is left at its `Default` value in this template.
    let body = ApidomainSavedSearchExecuteRequestV1 { ..Default::default() };

    let response = create_saved_searches_execute_v1(
        &falcon.cfg, // configuration
        body, // body
        Some("string"), // app_id
        Some(boolean), // detailed
        Some(boolean), // include_test_data
        Some(boolean), // infer_json_types
        Some(boolean), // match_response_schema
        Some(boolean), // metadata
        // NOTE(review): the other language examples on this page do not pass a
        // user UUID; confirm when this argument is needed.
        Some("string"), // x_cs_useruuid
    ).await.expect("API call failed");

    println!("{:?}", response);
}
require "crimson-falcon"
# Credentials and cloud region are taken from the environment.
Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::FoundryLogscale.new

# integer and boolean are type placeholders: substitute real values.
body = {
  end: 'string',
  id: 'string',
  mode: 'string',
  name: 'string',
  parameters: {},
  start: 'string',
  version: 'string',
  with_in: { field: 'string', values: [] },
  with_limit: { from: 'string', limit: integer },
  with_renames: [{ as: 'string', field: 'string' }],
  with_sort: { fields: [], limit: integer, order: [], reverse: boolean, type: [] }
}

response = api.create_saved_searches_execute_v1(body)

puts response
CreateSavedSearchesIngestV1
Populate a saved search
POST /loggingapi/entities/saved-searches/ingest/v1
PEP 8 method name: populate
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| app_id | query | string | Include generated schemas in the response |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
from falconpy import FoundryLogScale
# "string" is a type placeholder: substitute the real application ID.
# CLIENT_ID / CLIENT_SECRET stand for the API client credentials; load them from
# the environment or a secret store instead of embedding them in source.

# Service class, PEP 8 syntax (its import line precedes this snippet)
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.populate(app_id="string")
print(response)

from falconpy import FoundryLogScale

# Service class, operation ID syntax
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.CreateSavedSearchesIngestV1(app_id="string")
print(response)

from falconpy import APIHarnessV2

# Uber class: the operation ID is passed to command() as a string
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.command("CreateSavedSearchesIngestV1", app_id="string")
print(response)
Examples coming soon.
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale"
)

// main populates a saved search through the gofalcon client and prints the
// response payload. "string" is a type placeholder for the application ID.
func main() {
	// The API credentials are read from the environment, not from source.
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	// AppID is passed by pointer, so it needs a named variable.
	appID := "string"

	response, err := client.FoundryLogscale.Populate(
		&foundry_logscale.PopulateParams{
			AppID:   &appID,
			Context: context.Background(),
		},
	)
	if err != nil {
		// ErrorExplain turns the API error into the value passed to panic.
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
import { FalconClient } from "crowdstrike-falcon";
// Cloud and credentials come from the environment. The trailing `!` only
// satisfies the type checker; it does not verify that the variables are set.
const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

// "string" is a type placeholder for the application ID.
const response = await client.foundryLogscale.populate("string"); // appId
console.log(response);
use rusty_falcon::apis::foundry_logscale_api::create_saved_searches_ingest_v1;
use rusty_falcon::easy::client::FalconHandle;

/// Populates a saved search and prints the response with its `Debug` formatting.
///
/// `"string"` is a type placeholder for the application ID.
#[tokio::main]
async fn main() {
    // NOTE(review): `from_env` presumably reads the API credentials from
    // environment variables; confirm the variable names in the rusty_falcon docs.
    // `expect` panics with the given message if authentication fails.
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = create_saved_searches_ingest_v1(
        &falcon.cfg, // configuration
        Some("string"), // app_id
    ).await.expect("API call failed");

    println!("{:?}", response);
}
require "crimson-falcon"
# Credentials and cloud region are taken from the environment.
Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::FoundryLogscale.new

# 'string' is a type placeholder for the application ID.
response = api.create_saved_searches_ingest_v1(app_id: 'string')

puts response
GetSavedSearchesJobResultsDownloadV1
Get the results of a saved search as a file
GET /loggingapi/entities/saved-searches/job-results-download/v1
PEP 8 method name: download_results
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| job_id | query | string | Job ID for a previously executed async query |
| infer_json_types | query | boolean | Whether to try to infer data types in json event response instead of returning map[string]string. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| result_format | query | string | Result Format |
Code Examples
from falconpy import FoundryLogScale
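# "string" and boolean are type placeholders: substitute real values.
# CLIENT_ID / CLIENT_SECRET stand for the API client credentials; load them from
# the environment or a secret store instead of embedding them in source.
#
# In each variant the request is made before the output file is opened, and the
# file is written only when bytes came back. Any other return value is treated
# as an error result and printed, so a failed call leaves no empty or partial
# file behind. Saved search results may contain sensitive log data: pick an
# output location with suitably restricted permissions.

# Service class, PEP 8 syntax (its import line precedes this snippet)
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.download_results(
    job_id="string",
    infer_json_types=boolean,  # the parameter table lists this as a boolean
    result_format="string",
    stream=boolean,
)
if isinstance(response, (bytes, bytearray)):
    with open("output_file", "wb") as save_file:
        save_file.write(response)
else:
    print(response)

from falconpy import FoundryLogScale

# Service class, operation ID syntax
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.GetSavedSearchesJobResultsDownloadV1(
    job_id="string",
    infer_json_types=boolean,  # the parameter table lists this as a boolean
    result_format="string",
    stream=boolean,
)
if isinstance(response, (bytes, bytearray)):
    with open("output_file", "wb") as save_file:
        save_file.write(response)
else:
    print(response)

from falconpy import APIHarnessV2

# Uber class: the operation ID is passed to command() as a string
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command(
    "GetSavedSearchesJobResultsDownloadV1",
    job_id="string",
    infer_json_types=boolean,
    result_format="string",
)
if isinstance(response, (bytes, bytearray)):
    with open("output_file", "wb") as save_file:
        save_file.write(response)
else:
    print(response)
Examples coming soon.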
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale"
)

// main requests the results of a saved search job through the gofalcon client
// and prints the response payload. The bare word boolean and the "string"
// literals are type placeholders to be replaced with real values.
func main() {
	// The API credentials are read from the environment, not from source.
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	// These two are passed by pointer; JobID below is passed by value.
	inferJSONTypes := boolean
	resultFormat := "string"

	response, err := client.FoundryLogscale.DownloadResults(
		&foundry_logscale.DownloadResultsParams{
			JobID:          "string",
			InferJSONTypes: &inferJSONTypes,
			ResultFormat:   &resultFormat,
			Context:        context.Background(),
		},
	)
	if err != nil {
		// ErrorExplain turns the API error into the value passed to panic.
		panic(falcon.ErrorExplain(err))
	}

	// The payload is the search result itself, which may contain sensitive log data.
	fmt.Printf("%+v\n", response.Payload)
}
import { FalconClient } from "crowdstrike-falcon";
// Cloud and credentials come from the environment. The trailing `!` only
// satisfies the type checker; it does not verify that the variables are set.
const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

// "string" and boolean are type placeholders: substitute real values.
const response = await client.foundryLogscale.downloadResults(
  "string", // jobId
  boolean, // inferJsonTypes
  "string" // resultFormat
);
console.log(response);
use rusty_falcon::apis::foundry_logscale_api::get_saved_searches_job_results_download_v1;
use rusty_falcon::easy::client::FalconHandle;

/// Requests the results of a saved search job and prints the response with its
/// `Debug` formatting.
///
/// `boolean` and `"string"` are type placeholders to be replaced with real values.
#[tokio::main]
async fn main() {
    // NOTE(review): `from_env` presumably reads the API credentials from
    // environment variables; confirm the variable names in the rusty_falcon docs.
    // `expect` panics with the given message if authentication fails.
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    // job_id is passed directly; the remaining arguments are wrapped in `Some`.
    let response = get_saved_searches_job_results_download_v1(
        &falcon.cfg, // configuration
        "string", // job_id
        Some(boolean), // infer_json_types
        Some("string"), // result_format
    ).await.expect("API call failed");

    println!("{:?}", response);
}
require "crimson-falcon"
# Credentials and cloud region are taken from the environment.
Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::FoundryLogscale.new

# 'string' is a type placeholder for the job ID of a previously executed query.
response = api.get_saved_searches_job_results_download_v1('string')

puts response
ListViewV1
List views
GET /loggingapi/entities/views/v1
PEP 8 method name: list_views
Parameters
| Name | Type | Data type | Description |
|---|---|---|---|
| check_test_data | query | boolean | Include whether test data is present in the application repository. |
Code Examples
from falconpy import FoundryLogScale
# boolean is a type placeholder: substitute True or False.
# CLIENT_ID / CLIENT_SECRET stand for the API client credentials; load them from
# the environment or a secret store instead of embedding them in source.

# Service class, PEP 8 syntax (its import line precedes this snippet)
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.list_views(check_test_data=boolean)
print(response)

from falconpy import FoundryLogScale

# Service class, operation ID syntax
falcon = FoundryLogScale(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.ListViewV1(check_test_data=boolean)
print(response)

from falconpy import APIHarnessV2

# Uber class: the operation ID is passed to command() as a string
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.command("ListViewV1", check_test_data=boolean)
print(response)
Get-FalconFoundryView
package main
import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/foundry_logscale"
)

// main lists views through the gofalcon client and prints the response
// payload. The bare word boolean is a type placeholder for true or false.
func main() {
	// The API credentials are read from the environment, not from source.
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	// CheckTestData is passed by pointer, so it needs a named variable.
	checkTestData := boolean

	response, err := client.FoundryLogscale.ListViews(
		&foundry_logscale.ListViewsParams{
			CheckTestData: &checkTestData,
			Context:       context.Background(),
		},
	)
	if err != nil {
		// ErrorExplain turns the API error into the value passed to panic.
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
import { FalconClient } from "crowdstrike-falcon";
// Cloud and credentials come from the environment. The trailing `!` only
// satisfies the type checker; it does not verify that the variables are set.
const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

// boolean is a type placeholder: substitute true or false.
const response = await client.foundryLogscale.listViews(boolean); // checkTestData
console.log(response);
use rusty_falcon::apis::foundry_logscale_api::list_view_v1;
use rusty_falcon::easy::client::FalconHandle;

/// Lists views and prints the response with its `Debug` formatting.
///
/// `boolean` is a type placeholder to be replaced with `true` or `false`.
#[tokio::main]
async fn main() {
    // NOTE(review): `from_env` presumably reads the API credentials from
    // environment variables; confirm the variable names in the rusty_falcon docs.
    // `expect` panics with the given message if authentication fails.
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = list_view_v1(
        &falcon.cfg, // configuration
        Some(boolean), // check_test_data
    ).await.expect("API call failed");

    println!("{:?}", response);
}
require "crimson-falcon"
# Credentials and cloud region are taken from the environment.
Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::FoundryLogscale.new

# boolean is a type placeholder: substitute true or false.
response = api.list_view_v1(check_test_data: boolean)

puts response