POST /api/v2/events
Only search queries or aggregation queries (SELECT) are allowed.
Access: General administrator, Tenant administrator, Tier 2 analyst, Tier 1 analyst, Junior analyst, Access to NCIRCC, Access to CII.
Request body
Format: JSON
Request
| Name | Data type | Mandatory | Description | Value example |
|---|---|---|---|---|
| period | Period | Yes | Search period | |
| sql | string | Yes | SQL query | `SELECT * FROM events WHERE Type = 3 ORDER BY Timestamp DESC LIMIT 1000`<br>`SELECT sum(BytesOut) as TotalBytesSent, SourceAddress FROM events WHERE DeviceVendor = 'netflow' GROUP BY SourceAddress LIMIT 1000`<br>`SELECT count(Timestamp) as TotalEvents FROM events LIMIT 1` |
| ClusterID | string | No, if the cluster is the only one | Storage cluster ID. You can find it by requesting a list of services with kind = storage. The cluster ID will be in the resourceID field. | 00000000-0000-0000-0000-000000000000 | 
| rawTimestamps | bool | No | Display timestamps in their current format: milliseconds since EPOCH. False by default. | true or false | 
| emptyFields | bool | No | Display empty fields for normalized events. False by default. | true or false | 
Period
| Name | Data type | Mandatory | Description | Value example |
|---|---|---|---|---|
| from | string | Yes | Lower bound of the period in RFC3339 format. `Timestamp >= <from>` | 2021-09-06T00:00:00Z (UTC)<br>2021-09-06T00:00:00.000Z (UTC, including milliseconds)<br>2021-09-06T00:00:00Z+00:00 (MSK) |
| to | string | Yes | Upper bound of the period in RFC3339 format. `Timestamp <= <to>` | 2021-09-06T00:00:00Z (UTC)<br>2021-09-06T00:00:00.000Z (UTC, including milliseconds)<br>2021-09-06T00:00:00Z+00:00 (MSK) |
Response
HTTP code: 200
Format: JSON
Result of executing the SQL query
Possible errors
| HTTP code | Description | message field value | details field value | 
|---|---|---|---|
| 400 | The lower bound of the range is not specified | period.from required | - | 
| 400 | The lower bound of the range is in an unsupported format | cannot parse period.from | various | 
| 400 | The lower bound of the range is equal to zero | period.from cannot be 0 | - | 
| 400 | The upper bound of the range is not specified | period.to required | - | 
| 400 | The upper bound of the range is in an unsupported format | cannot parse period.to | various | 
| 400 | The upper bound of the range is equal to zero | period.to cannot be 0 | - | 
| 400 | The lower bound of the range is greater than the upper bound | period.from cannot be greater than period.to | - | 
| 400 | Invalid SQL query | invalid sql | various | 
| 400 | An invalid table appears in the SQL query | the only valid table is `events` | - | 
| 400 | The SQL query lacks a LIMIT | sql: LIMIT required | - | 
| 400 | The LIMIT in the SQL query exceeds the maximum (1000) | sql: maximum LIMIT is 1000 | - | 
| 404 | Storage cluster not found | cluster not found | - | 
| 406 | The clusterID parameter was not specified, but multiple clusters are registered in KUMA | multiple clusters found, please provide clusterID | - | 
| 500 | No available cluster nodes | no nodes available | - | 
| 50x | Any other internal errors | event search failed | various |
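
The constraints in the request and error tables can be checked on the client before a query is sent, so that a scheduled hunt or report script fails early with the same message the API would return. The following is an added example, not part of the KUMA documentation: the function names are assumptions, the regular-expression checks are a simplification of whatever parsing the server performs, and the sample values in the `__main__` block are constructed.

```python
import re
from datetime import datetime, timezone

MAX_LIMIT = 1000  # maximum LIMIT from the error table


def rfc3339_utc(ts: datetime) -> str:
    """Render an aware datetime as RFC3339 in UTC, e.g. 2021-09-06T00:00:00Z."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_events_request(sql, start, end, cluster_id=None,
                         raw_timestamps=False, empty_fields=False):
    """Return the JSON body for POST /api/v2/events. Raise ValueError, reusing
    the documented `message` value where the error table lists the condition."""
    for name, ts in (("from", start), ("to", end)):
        if ts is None:
            raise ValueError(f"period.{name} required")
        if ts.tzinfo is None:  # client-side rule only, not an API message
            raise ValueError(f"period.{name} must be timezone-aware")
    if start > end:
        raise ValueError("period.from cannot be greater than period.to")
    # Simplified regex checks; the server's SQL parser stays authoritative.
    if not re.match(r"\s*SELECT\b", sql, re.IGNORECASE):
        raise ValueError("invalid sql")
    tables = re.findall(r"\bFROM\s+([`\w.]+)", sql, re.IGNORECASE)
    if not tables or any(t.strip("`").lower() != "events" for t in tables):
        raise ValueError("the only valid table is `events`")
    limit = re.search(r"\bLIMIT\s+(\d+)\b", sql, re.IGNORECASE)
    if limit is None:
        raise ValueError("sql: LIMIT required")
    if int(limit.group(1)) > MAX_LIMIT:
        raise ValueError("sql: maximum LIMIT is 1000")
    body = {
        "period": {"from": rfc3339_utc(start), "to": rfc3339_utc(end)},
        "sql": sql,
        "rawTimestamps": raw_timestamps,
        "emptyFields": empty_fields,
    }
    if cluster_id is not None:  # needed only when several clusters exist
        body["ClusterID"] = cluster_id  # key spelled as in the request table
    return body


if __name__ == "__main__":
    import json
    day = datetime(2021, 9, 6, tzinfo=timezone.utc)  # constructed sample period
    print(json.dumps(build_events_request(
        "SELECT count(Timestamp) as TotalEvents FROM events LIMIT 1",
        day, day.replace(hour=23, minute=59, second=59)), indent=2))
```
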