BIG-IQ RestAPI - retrieve customized Web Application Security Event Log

gbogdan
Altocumulus

Hello,

As per the following example, https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/HowToSamples/bigiq_public_api_wf/asm/t_get_ev... we can retrieve info about the Web Application Security Events.

Is there any way to make the BIG-IQ return only a specific parameter and not the whole event log? I am looking to return only the "sig_ids[]".

Thanks!

1 ACCEPTED SOLUTION

gbogdan
Altocumulus

This is how it can be done:

POST /mgmt/cm/shared/es/logiq/asmindex/_search?filter_path=hits.hits._source
Request Body:

  {
    "query": {
      "query_string": {
        "query": "support_id: 123456789"
      }
    },
    "_source": "staged_sig_ids",               <====
    "from": 0,
    "size": 50,
    "sort": {
      "date_time": "desc"
    }
  }


5 REPLIES

JRahm
Community Manager

I haven't used the big-iq api, but I think the same url query parameters work there. So using $select=<param> might work in theory. The challenge looking at the data though is that sig_ids is nested three levels deep:
hits -> hits -> _source -> sig_ids

Do you have the reference for what the query options are in the POST? Example from the link you provided:

{
   "query":{
      "query_string":{
         "query":"support_id: 10961136626817826933"
      }
   },
   "from":0,
   "size":50,
   "sort":{
      "date_time":"desc"
   }
}


Hello @JRahm,

Thanks for your response.

Unfortunately, that page is the only information I have. Is there any place where I can find more details?

Also, I see this example https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/ApiReferences/bigiq_public_api_ref/r_analytic... , which uses a different path, but I am not sure how to apply it to Web Application Security Events.

EDITED by @Leslie_Hubertus: tagged JRahm to make sure he sees this reply for follow-up 🙂


JRahm
Community Manager

Hi @gbogdan, I have inquired internally, but this might require a support case to get the right eyes on it.


Thanks for following up with your solution!