Forum Discussion
gbogdan
Altocumulus
AltocumulusBIG-IQ RestAPI - retrieve customized Web Application Security Event Log
Hello , As per following example, https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/HowToSamples/bigiq_public_api_wf/asm/t_get_event_log_record_by_support_id.html we can retrieve info about the...
This is how can be done :
POST /mgmt/cm/shared/es/logiq/asmindex/_search?filter_path=hits.hits._source
Request Body:{ "query":{
"query_string":{
"query":"support_id: 123456789" }
},
"_source": "staged_sig_ids", <====
"from":0,
"size":50,
"sort":{ "date_time":"desc" }
}
JRahm
Admin
AdminI haven't used the big-iq api, but I think the same url query parameters work there. So using $select=<param> might work in theory. The challenge looking at the data though is that sig_ids is nested three levels deep:
hits -> hits -> _source -> sig_ids
Do you have the reference for what the query options are in the POST? Example from the link you provided..
{
"query":{
"query_string":{
"query":"support_id: 10961136626817826933"
}
},
"from":0,
"size":50,
"sort":{
"date_time":"desc"
}
}
gbogdanHello JRahm ,
Thanks for your response .
Unfortunately , that page is the only information I have . Is there any place where I can find more details ?
Also , I see this example https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/ApiReferences/bigiq_public_api_ref/r_analytics_event_query.html?highlight=security%20events , which using a different path , but I am not sure how to apply it to Web Application Security Events .
EDITED by Leslie_Hubertus: tagged JRahm to make sure he sees this reply for follow-up 🙂