BIG-IQ RestAPI - retrieve customized Web Application Security Event Log

Question

Hello ,As per following example,&nbsp;https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/HowToSamples/bigiq_public_api_wf/asm/t_get_event_log_record_by_support_id.html&nbsp;we can retrieve info about the Web Application Security Events .Is there any way to make the BIG-IQ to return only specific parameter not the whole event log&nbsp; ?? I am looking to return only the "sig_ids[]" .Thanks!

gbogdan · Accepted Answer

This is how can be done :&nbsp;POST /mgmt/cm/shared/es/logiq/asmindex/_search?filter_path=hits.hits._sourceRequest Body:&nbsp; {&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "query":{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "query_string":{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"query":"support_id: 123456789"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;},&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"_source": "staged_sig_ids",&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;====&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "from":0,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "size":50,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"sort":{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "date_time":"desc"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }&nbsp;&nbsp;&nbsp;&nbsp;}

jrahm · Answer

I haven't used the big-iq api, but I think the same url query parameters work there. So using $select=&lt;param&gt;&nbsp;might work in theory. The challenge looking at the data though is that sig_ids is nested three levels deep:&nbsp;
hits -&gt; hits -&gt; _source -&gt; sig_ids
Do you have the reference for what the query options are in the POST? Example from the link you provided..
{
   "query":{
      "query_string":{
         "query":"support_id: 10961136626817826933"
      }
   },
   "from":0,
   "size":50,
   "sort":{
      "date_time":"desc"
   }
}
&nbsp;

gbogdan · Answer

Hello JRahm&nbsp;,
Thanks for your response .
Unfortunately , that page is the only information I have . Is there any place where I can find more details ?
Also , I see this example&nbsp;https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/ApiReferences/bigiq_public_api_ref/r_analytics_event_query.html?highlight=security%20events&nbsp;, which using a different path , but I am not sure how to apply it to Web Application Security Events .EDITED by Leslie_Hubertus: tagged JRahm to make sure he sees this reply for follow-up 🙂
&nbsp;
&nbsp;

jrahm · Answer

Hi&nbsp;gbogdan,&nbsp;I have inquired internally, but this might require a support case to get the right eyes on it.

leslie_hubertus · Answer

Thanks for following up with your solution!

Forum Discussion

BIG-IQ RestAPI - retrieve customized Web Application Security Event Log

5 Replies

Recent Discussions

Advise on setting up IRULE

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Related Content

custom response page for api

asmevents tool to retrieve events from an ASM device

Application Programming Interface (API) Authentication types simplified

Retrieve datagrouplist data with ansible

Enhanced Modern Applications and MicroServices SSO with NGINX