Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

BIG-IQ RestAPI - retrieve customized Web Application Security Event Log

Go to solution
gbogdan
Altocumulus
Altocumulus

‎31-Jan-2023 13:45

Hello ,

As per following example, https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/HowToSamples/bigiq_public_api_wf/asm/t_get_ev... we can retrieve info about the Web Application Security Events .

Is there any way to make the BIG-IQ to return only specific parameter not the whole event log  ?? I am looking to return only the "sig_ids[]" .

Thanks!

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
gbogdan
Altocumulus
Altocumulus

‎24-Feb-2023 06:56

This is how can be done : 


POST /mgmt/cm/shared/es/logiq/asmindex/_search?filter_path=hits.hits._source
Request Body:

  {       "query":{        

  "query_string":{            

"query":"support_id: 123456789"          }      

},      

"_source": "staged_sig_ids",               <====     

  "from":0,     

  "size":50,      

"sort":{          "date_time":"desc"       }    

}

View solution in original post

5 REPLIES 5

Go to solution
JRahm
Community Manager
Community Manager

‎02-Feb-2023 08:27

I haven't used the big-iq api, but I think the same url query parameters work there. So using $select=<param> might work in theory. The challenge looking at the data though is that sig_ids is nested three levels deep:
 

hits -> hits -> _source -> sig_ids

Do you have the reference for what the query options are in the POST? Example from the link you provided..

{
   "query":{
      "query_string":{
         "query":"support_id: 10961136626817826933"
      }
   },
   "from":0,
   "size":50,
   "sort":{
      "date_time":"desc"
   }
}

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

Go to solution
gbogdan
Altocumulus
Altocumulus
In response to JRahm

‎02-Feb-2023 23:52 - last edited on ‎06-Feb-2023 17:22 by Community Manager

Hello @JRahm ,

Thanks for your response .

Unfortunately , that page is the only information I have . Is there any place where I can find more details ?

Also , I see this example https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0/ApiReferences/bigiq_public_api_ref/r_analytic... , which using a different path , but I am not sure how to apply it to Web Application Security Events .

EDITED by @Leslie_Hubertus: tagged JRahm to make sure he sees this reply for follow-up 🙂

 

 

0 Kudos

Go to solution
JRahm
Community Manager
Community Manager
In response to gbogdan

‎10-Feb-2023 15:33

Hi @gbogdan, I have inquired internally, but this might require a support case to get the right eyes on it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos

Go to solution
gbogdan
Altocumulus
Altocumulus

‎24-Feb-2023 06:56

This is how can be done : 


POST /mgmt/cm/shared/es/logiq/asmindex/_search?filter_path=hits.hits._source
Request Body:

  {       "query":{        

  "query_string":{            

"query":"support_id: 123456789"          }      

},      

"_source": "staged_sig_ids",               <====     

  "from":0,     

  "size":50,      

"sort":{          "date_time":"desc"       }    

}

Go to solution
Leslie_Hubertus
Community Manager
Community Manager
In response to gbogdan

‎02-Mar-2023 11:28

Thanks for following up with your solution!

0 Kudos
Copyright © 2023 Khoros, LLC