Create a Single Data Access Rule¶
POST /api/v1/logging_query_rule/add
Overview¶
Create a single data access rule. v2 supports cross-site data access configuration.
Body Request Parameters¶
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Name (added in 2024-09-04 iteration, default name, creator_creation time) Allow empty: False Allow empty string: False Max length: 64 |
|
| desc | string | Description (added in 2024-09-04 iteration) Example: Description1 Allow empty: False Allow empty string: True Max length: 256 |
|
| regionCode | string | Y | Site-based data access authorization Allow empty: False Allow empty string: False |
| indexes | array | Y | Index UUID, [""] means all Example: [''] Allow empty: False |
| roleUUIDs | array | Y | List of roles Example: [] Allow empty: False |
| conditions | string | Y | Search filter Example: search Allow empty: False |
| extend | json | Front-end custom extension field Example: xxx Allow empty: False |
|
| logic | string | Y | Logical field Example: or Allow empty: False |
| maskFields | string | Masked fields, multiple fields separated by commas Example: message,host Allow empty: False Allow empty string: True |
|
| reExprs | array | Regular expressions Example: [{'name': 'jjj', 'reExpr': 'ss', 'enable': 0}, {'name': 'lll', 'reExpr': 'ss', 'enable': 1}] Allow empty: False |
Parameter Additional Explanation¶
Data explanation.*
1. Role Authorization Access Explanation 1. Specified roles can only query data within the specified query scope. 2. If a user has multiple roles and one of the roles is not included in the rule's roles, this data access rule will not apply to the user, i.e., the query scope is not restricted. 3. The logic between multiple log data access rules in a workspace is an OR relationship.
2. Request Parameter Explanation
| Parameter Name | Type | Required | Description |
|---|---|---|---|
| name | string | Y | Name |
| desc | String | N | Description |
| indexes | array | Y | Log index information. For non-local workspace (must be workspace-authorized) index authorization, use workspace UUID:index UUID, e.g., ["wksp_111:lgim_222", "wksp_333:lgim_444"] |
| roleUUIDs | array | Y | List of role UUIDs |
| conditions | string | N | Actual data scope filter conditions, e.g., "device IN ['PC'] and session_has_replay IN ['1']" |
| extend | dict | Y | Extension field, stores the structure of conditions for front-end display, e.g., |
| logic | string | N | Logical field, and/or, used to connect filter conditions |
| maskFields | string | N | Masked fields, multiple fields separated by commas |
| reExprs | array | N | Regular expressions, e.g., [{"name":"1111","enable":true,"reExpr":"tkn_[\da-z]*"},{"name":"liuyltest","enable":true,"reExpr":"test"}] |
| regionCode | string | Y | Site code (can be obtained via workspace/website/list interface), site information for data access configuration, default authorization for current site data |
Request Example¶
curl 'https://openapi.truewatch.com/api/v1/logging_query_rule/add' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'DF-API-KEY: <DF-API-KEY>' \
--data-raw $'{"name":"temp_test","desc":"test openapi","roleUUIDs":["general","role_3ac3042991c046f0b03452771012b268"],"indexes":["wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b","wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"],"extend":{"city":["Tafuna"]},"maskFields":"message","logic":"and","reExprs":[{"name":"qq email maxk","reExpr":"[a-zA-Z0-9_][email protected]","enable":true}],"conditions":"`city` IN [\'Tafuna\']"}' \
--compressed
Response¶
{
"code": 200,
"content": {
"conditions": "`city` IN ['Tafuna']",
"createAt": 1730529443,
"creator": "wsak_cd83804176e24ac18a8a683260ab0746",
"declaration": {
"asd": "aa,bb,cc,1,True",
"asdasd": "dawdawd",
"business": "aaa",
"dd": "dd",
"fawf": "afawf",
"organization": "64fe7b4062f74d0007b46676"
},
"deleteAt": -1,
"desc": "test openapi",
"extend": {
"city": [
"Tafuna"
]
},
"id": null,
"indexes": [
"wksp_4b57c7bab38e4a2d9630f675dc20015d:lgim_f2a50518520b467a920103a19133fa8b",
"wksp_eee1a762ed954b7588e30d9bccb717d5:lgim_72143917855c48abae5d4fb1d2fb7a1f"
],
"logic": "and",
"maskFields": "message",
"name": "temp_test",
"reExprs": [
{
"enable": true,
"name": "qq email maxk",
"reExpr": "[a-zA-Z0-9_][email protected]"
}
],
"roleUUIDs": [
"general",
"role_3ac3042991c046f0b03452771012b268"
],
"sources": [],
"status": 0,
"type": "logging",
"updateAt": null,
"updator": null,
"uuid": "lqrl_9f1de1d1440f4af5917a534299d0ad09",
"workspaceUUID": "wksp_4b57c7bab38e4a2d9630f675dc20015d"
},
"errorCode": "",
"message": "",
"success": true,
"traceId": "TRACE-25C229E5-150F-4DF1-8576-DE17259B7A16"
}