openapi: 3.0.2
info:
title: Lookup REST API
description: |-
API to manage lookup life cycle by communicating with the Lookups
Manager via the HTTP protocol following REST principles.
termsOfService: https://www.devo.com/legal
contact:
name: Devo Inc
url: https://www.devo.com
email: support@devo.com
license:
name: Devo license
url: https://www.devo.com
version: 2.2.0-SNAPSHOT
externalDocs:
description: External docs description
url: https://docs.devo.com/space/latest/127500289/Lookups+API
# Regional base URLs for the API; all four are HTTPS hosts under api.<region>.devo.com.
# No operation visible in this part of the document overrides `servers`, so every
# path listed under `paths` -- including the ones under /internal/ -- is advertised
# against these hosts.
# NOTE(review): confirm the /internal/* operations are restricted to internal callers,
# or publish them in a separate, non-public spec.
# NOTE(review): no top-level `security` key appears before `paths`, and none of the
# operations visible here declares one, although they all document 401/403 responses.
# Confirm a security scheme is declared under `components` and applied to every operation.
servers:
- url: https://api.apac.devo.com/lookup-api
description: AWS APAC Lookup API server
- url: https://api.ca.devo.com/lookup-api
description: AWS CA Lookup API server
- url: https://api.eu.devo.com/lookup-api
description: AWS EU Lookup API server
- url: https://api.us.devo.com/lookup-api
description: AWS US Lookup API server
paths:
/internal/lookup/{domain}/{name}:
delete:
summary: Send a lookup deletion request.
description: Asynchronously send a request to the Lookups Manager to delete
an existing Lookup.
operationId: internalDeleteLookup
parameters:
# Required path parameter naming the domain that owns the lookup.
# The same definition is repeated on every {domain} path in this file.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
# The schema is an unconstrained string: no pattern, minLength or maxLength.
# NOTE(review): consider declaring the allowed character set and a length bound so
# generated validators reject malformed values before they reach the Lookups Manager.
# NOTE(review): presumably the server checks this value against the authenticated
# caller's domain rather than trusting the URL -- confirm.
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
responses:
"200":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the deletion request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupDeletionResponse'
"401":
description: Unsuccessful response. User unauthorized to delete a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/internal/lookup/galactic_empire/destroyed_planets'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. User credentials are correct but the
domain or the lookup does not exist.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupDeletionError'
example:
type: LookupDeletionError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/internal/lookup/{domain}/{name}/deploy-config:
put:
summary: Asynchronously send a request to the Lookups Manager to create or update
a `Lookup`.
description: Update the configuration for a given lookup.
operationId: internalPutLookup
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
- name: forceFileType
in: query
description: "If true, the lookup will always be saved as a file lookup. If\
\ unset or false, it will get the lookup type from the Recipe."
required: false
style: form
explode: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployConfig'
examples:
simpleStaticQuery:
value:
id:
creator: rebel_alliance
name: TotallyNotFakeData
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select 0 as key, false as IsDataFake, 2147483647 as\
\ RebelsImprisoned, 9223372036854775807 as CreditsOnImperialBanks,\
\ hex4('fffffff') as Hex4Emperor, hex8('fffffffffffffff')\
\ as Hex8Vader, 2.718281828459045 as EmperorClones, 3.141592653589793\
\ as Pi, 87.219.9.157 as EmperorIP4, ip6('fe80::4492:bc4b:7a53:c0d5')\
\ as EmperorIP6, 0m as TimeAfterBattleOfYavin, net4('128.0.0.0/1')\
\ as EmpireCIDR4, net6('ffff:ffff:ffff:ffff::/64') as EmpireCIDR6\
\ from siem.logtrust.web.navigation where now()-1m < eventdate\
\ < now() limit 1"
lookupType:
type: normal
append: false
key:
type: column
column: key
columnFilter:
- key
- IsDataFake
- RebelsImprisoned
- CreditsOnImperialBanks
- Hex4Emperor
- Hex8Vader
- EmperorClones
- Pi
- EmperorIP4
- EmperorIP6
- TimeAfterBattleOfYavin
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
complexStaticQuery:
value:
id:
creator: galactic_empire
name: ImperialIntranetActivity
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select eventdate, domain, userid from siem.logtrust.web.navigation\
\ where now()-1m < eventdate < now()"
lookupType:
type: normal
append: false
key:
type: column
column: eventdate
columnFilter:
- eventdate
- domain
- userid
contribution:
type: add
requiresDate: false
simpleStaticS3File:
value:
id:
creator: jedi_order
name: ForceSensitiveBeings
visibility:
type: creator-only
recipe:
recipeType: once
source:
columns:
- name: ID
from: 0
type: INT8
- name: Location
from: 1
type: STRING
- name: Age
from: 2
type: FLOAT8
- name: Species
from: 3
type: STRING
- name: MidiclorianLevel
from: 4
type: FLOAT4
- name: Hex4Age
from: 5
type: HEX4
- name: Hex8Age
from: 6
type: HEX8
- name: CommLinkIP4
from: 7
type: IP4
- name: CommLinkIP6
from: 8
type: IP6
- name: TimeFromDiscovery
from: 9
type: DURATION
- name: EmpireCIDR4
from: 10
type: NET4
- name: EmpireCIDR6
from: 11
type: NET6
skipPreface: null
hasHeader: false
skipEmptyLines: false
# File-based source in this example: the request names a bucket and an object key
# for the service to read, and sets transferOwnership.
# NOTE(review): this part of the spec does not say how the service establishes that
# the caller may use the named bucket/key; confirm bucketName and keyName are
# authorised per caller domain, so the service cannot be pointed at storage the
# caller has no right to read.
# NOTE(review): the effect of transferOwnership is not described here -- document it.
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
lookupType:
type: normal
append: false
key:
type: column
column: ID
columnFilter:
- ID
- Location
- Age
- Species
- MidiclorianLevel
- Hex4Age
- Hex8Age
- CommLinkIP4
- CommLinkIP6
- TimeFromDiscovery
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
simpleDynamicQuery:
value:
id:
creator: confederation_of_independent_systems
name: TotallyNotFakeData
recipe:
recipeType: once
source:
query: "select now() as key, false as IsPalpatineLordSidious,\
\ 2147483647 as ClonesImprisoned, 9223372036854775807 as CreditsOnBankingClan,\
\ hex4('fffffff') as Hex4Sidious, hex8('fffffffffffffff')\
\ as Hex8Dooku, 2.718281828459045 as DroidsRandomSeed, 3.141592653589793\
\ as Pi, 87.219.9.157 as GrievousIP4, ip6('fe80::4492:bc4b:7a53:c0d5')\
\ as DroidekaIP6, 0m as TimeAfterBattleOfGeonosis, net4('128.0.0.0/1')\
\ as EmpireCIDR4, net6('ffff:ffff:ffff:ffff::/64') as EmpireCIDR6\
\ from siem.logtrust.web.navigation where now()-1m < eventdate\
\ < now() limit 1"
lookupType:
type: normal
append: true
key:
type: first-column
columnFilter:
- key
- IsPalpatineLordSidious
- ClonesImprisoned
- CreditsOnBankingClan
- Hex4Sidious
- Hex8Dooku
- DroidsRandomSeed
- Pi
- GrievousIP4
- DroidekaIP6
- TimeAfterBattleOfGeonosis
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
complexDynamicQuery:
value:
id:
creator: galactic_republic
name: RepublicSenateWebActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select eventdate, sessionid, userEmail from siem.logtrust.web.navigation\
\ where now()-1m < eventdate < now()"
lookupType:
type: normal
append: true
key:
type: column
column: eventdate
columnFilter:
- eventdate
- sessionid
- userEmail
contribution:
type: add
requiresDate: false
refreshMillis: 3600000
startMillis: 537796640000
allSubdomainsS3File:
value:
id:
creator: council@jedi_order
name: JediTempleExits
visibility:
type: all-subdomains
recipe:
recipeType: once
source:
columns:
- name: ID
from: 0
type: INT4
- name: Location
from: 1
type: STRING
skipPreface: null
hasHeader: false
skipEmptyLines: false
fileProvider:
bucketName: info-bucket
keyName: public/data/temple-exits.csv
transferOwnership: true
lookupType:
type: normal
append: false
key:
type: column
column: ID
columnFilter:
- ID
- Location
contribution:
type: add
requiresDate: false
required: true
responses:
"200":
description: Successful response. The actual deployment is returned.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: a58a233b4a27
code: 400
context: null
id: ae34801e-5387-11ed-859a-532f757eb240
msg: "Contribution policy values can be 'add', 'del' and 'col'"
"401":
description: Unsuccessful response. User unauthorized to update a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/internal/lookup/galactic_empire/destroyed_planets/deploy-config'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. User credentials are correct but the
domain or the lookup does not exist.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/internal/lookup/{domain}/{name}/disable:
post:
summary: Disables an enabled Lookup setting it as inactive.
operationId: internalDisableLookup
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
responses:
"200":
description: Successful response. Lookup was disabled.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupActivationResponse'
"401":
description: Unsuccessful response. User unauthorized to disable a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/internal/lookup/galactic_empire/destroyed_planets/disable'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. User credentials are correct but the
domain or the lookup does not exist.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupActivationError'
example:
type: LookupActivationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/internal/lookup/{domain}/{name}/enable:
post:
summary: Enables a disabled Lookup setting it as active.
operationId: internalEnableLookup
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
responses:
"200":
description: Successful response. Lookup was enabled.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupActivationResponse'
"401":
description: Unsuccessful response. User unauthorized to enable a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/internal/lookup/galactic_empire/destroyed_planets/enable'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. User credentials are correct but the
domain or the lookup does not exist.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupActivationError'
example:
type: LookupActivationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
# Internal notification endpoint; the summary says it notifies lookup creation/deletion.
# The operation declares neither `parameters` nor a `requestBody`, so the spec does not
# describe how the lookup being notified about is identified.
# NOTE(review): document the expected payload, or state explicitly that none is sent.
/internal/notify:
post:
summary: Notify lookup creation/deletion.
operationId: internalNotifyLookup
# NOTE(review): the response descriptions below ("Lookup was disabled", "unauthorized
# to disable a Lookup"), the 401 example URL ending in /disable, and the
# LookupActivation* schemas match the internalDisableLookup operation and look copied
# from it. They do not describe a notification -- confirm and reword.
responses:
"200":
description: Successful response. Lookup was disabled.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupActivationResponse'
"401":
description: Unsuccessful response. User unauthorized to disable a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/internal/lookup/galactic_empire/destroyed_planets/disable'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
# NOTE(review): this path has no {domain} or {name} parameter, yet the 404 text
# refers to a domain or lookup that does not exist -- confirm when it is returned.
"404":
description: Unsuccessful response. User credentials are correct but the
domain or the lookup do not exist.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupActivationError'
example:
type: LookupActivationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/lookup/{domain}:
get:
summary: Returns meta information of the lookups existing on a given domain.
operationId: listLookups
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: max_length
in: query
description: Max length of results to return. Defaults to 100.
required: false
style: form
explode: true
schema:
maximum: 1000
minimum: 1
type: integer
default: 100
- name: pageToken
in: query
description: The token for continuing a previous list request on the next
page. This should be set to the value of nextPageToken from the previous
response.
required: false
style: form
explode: true
schema:
minimum: 0
type: integer
format: int32
default: 0
- name: owner
in: query
description: |-
Selects which lookups are returned: those owned by the user's domain, those owned by other domains that the user's domain has visibility over, or both. Supported values are:
- THIS_DOMAIN: Only return lookups owned by the user's domain.
- OTHER_DOMAINS: Only return lookups that are owned by other domains but
are shared with the user's domain.
- ANY_DOMAIN: Return both lookups owned by the user's domain
and lookups owned by other domains that are visible to it.
Defaults to THIS_DOMAIN.
required: false
style: form
explode: true
schema:
type: string
enum:
- THIS_DOMAIN
- OTHER_DOMAINS
- ANY_DOMAIN
default: THIS_DOMAIN
responses:
"200":
description: Successful response. Returns the list of lookups for the specified
domain
content:
application/json:
schema:
$ref: '#/components/schemas/LookupMetaInfoListResponse'
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
example:
code: 140
msg: Validation failed.
cid: 981d4e9056da
context:
failures: arg2 = 1001 <= must be less than or equal to 1000
"401":
description: Unsuccessful response. User unauthorized to list domain's lookups.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
# 404 for listLookups: returned when the domain in the path is not found.
# NOTE(review): this response references LookupMetaInfoListResponse, the same schema
# as the 200 above, while the 404s of the other operations in this file reference a
# dedicated *Error schema. The example has the error shape (type, cid, code, context,
# id, msg). Confirm whether an error schema was intended.
# NOTE(review): confirm a caller who is not authorised for the requested domain gets
# the same answer for existing and non-existing domains, so this 404 cannot be used
# to discover which domains exist.
description: Unsuccessful response. Domain not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupMetaInfoListResponse'
example:
type: LookupMetaInfoListResponse
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/lookup/{domain}/{name}:
get:
summary: Returns the given lookup meta information.
operationId: getLookupMetaInfo
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
responses:
"200":
description: Successful response. Returns the meta information of the given
lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupMetaInfoResponse'
"401":
description: Unsuccessful response. User unauthorized to get the lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupMetaInfoResponseError'
example:
type: LookupMetaInfoResponseError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Lookup not found.
delete:
summary: Send a lookup deletion request.
description: Asynchronously send a request to the Lookups Manager to delete
an existing Lookup.
operationId: deleteLookup
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
responses:
"200":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the deletion request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupDeletionResponse'
"401":
description: Unsuccessful response. User unauthorized to delete a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupDeletionError'
example:
type: LookupDeletionError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/lookup/{domain}/{name}/deploy-config:
put:
summary: Send a lookup update request (advanced method).
description: Advanced method to send a request to update an existing Lookup.
This method is valid for both file-based (CSV) and query-based lookups.
operationId: putLookup
parameters:
# Path parameters that address the lookup being updated: owning domain and lookup name.
# Both are required, unconstrained strings (no pattern or length bound).
# NOTE(review): the request body examples of this operation also carry an `id` with
# `creator` and `name`, so the target lookup is named twice, once in the URL and once
# in the body. The spec does not say which one is authoritative. Confirm the server
# rejects a request whose body id disagrees with the path, and that authorisation is
# evaluated on the value actually used.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
# Optional boolean query flag; per its description, true saves the lookup as shared
# and unset/false saves it as private. The schema default is false.
# NOTE(review): the DeployConfig examples in this operation also set `visibility.type`
# (creator-only, all-subdomains), and some examples omit `visibility` altogether.
# The spec does not state how `shared` and `visibility` combine or what applies when
# both are absent. Document the precedence and the default so a lookup is never
# exposed more widely than the caller intended. createLookup declares the same flag.
- name: shared
in: query
description: "If true, the lookup will be saved as a shared lookup. If unset\
\ or false, it will be saved as a private lookup."
required: false
style: form
explode: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployConfig'
examples:
simpleStaticQuery:
value:
id:
creator: rebel_alliance
name: TotallyNotFakeData
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select 0 as key, false as IsDataFake, 2147483647 as\
\ RebelsImprisoned, 9223372036854775807 as CreditsOnImperialBanks,\
\ hex4('fffffff') as Hex4Emperor, hex8('fffffffffffffff')\
\ as Hex8Vader, 2.718281828459045 as EmperorClones, 3.141592653589793\
\ as Pi, 87.219.9.157 as EmperorIP4, ip6('fe80::4492:bc4b:7a53:c0d5')\
\ as EmperorIP6, 0m as TimeAfterBattleOfYavin, net4('128.0.0.0/1')\
\ as EmpireCIDR4, net6('ffff:ffff:ffff:ffff::/64') as EmpireCIDR6\
\ from siem.logtrust.web.navigation where now()-1m < eventdate\
\ < now() limit 1"
lookupType:
type: normal
append: false
key:
type: column
column: key
columnFilter:
- key
- IsDataFake
- RebelsImprisoned
- CreditsOnImperialBanks
- Hex4Emperor
- Hex8Vader
- EmperorClones
- Pi
- EmperorIP4
- EmperorIP6
- TimeAfterBattleOfYavin
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
complexStaticQuery:
value:
id:
creator: galactic_empire
name: ImperialIntranetActivity
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select eventdate, domain, userid from siem.logtrust.web.navigation\
\ where now()-1m < eventdate < now()"
lookupType:
type: normal
append: false
key:
type: column
column: eventdate
columnFilter:
- eventdate
- domain
- userid
contribution:
type: add
requiresDate: false
simpleStaticS3File:
value:
id:
creator: jedi_order
name: ForceSensitiveBeings
visibility:
type: creator-only
recipe:
recipeType: once
source:
columns:
- name: ID
from: 0
type: INT8
- name: Location
from: 1
type: STRING
- name: Age
from: 2
type: FLOAT8
- name: Species
from: 3
type: STRING
- name: MidiclorianLevel
from: 4
type: FLOAT4
- name: Hex4Age
from: 5
type: HEX4
- name: Hex8Age
from: 6
type: HEX8
- name: CommLinkIP4
from: 7
type: IP4
- name: CommLinkIP6
from: 8
type: IP6
- name: TimeFromDiscovery
from: 9
type: DURATION
- name: EmpireCIDR4
from: 10
type: NET4
- name: EmpireCIDR6
from: 11
type: NET6
skipPreface: null
hasHeader: false
skipEmptyLines: false
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
lookupType:
type: normal
append: false
key:
type: column
column: ID
columnFilter:
- ID
- Location
- Age
- Species
- MidiclorianLevel
- Hex4Age
- Hex8Age
- CommLinkIP4
- CommLinkIP6
- TimeFromDiscovery
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
simpleDynamicQuery:
value:
id:
creator: confederation_of_independent_systems
name: TotallyNotFakeData
recipe:
recipeType: once
source:
query: "select now() as key, false as IsPalpatineLordSidious,\
\ 2147483647 as ClonesImprisoned, 9223372036854775807 as CreditsOnBankingClan,\
\ hex4('fffffff') as Hex4Sidious, hex8('fffffffffffffff')\
\ as Hex8Dooku, 2.718281828459045 as DroidsRandomSeed, 3.141592653589793\
\ as Pi, 87.219.9.157 as GrievousIP4, ip6('fe80::4492:bc4b:7a53:c0d5')\
\ as DroidekaIP6, 0m as TimeAfterBattleOfGeonosis, net4('128.0.0.0/1')\
\ as EmpireCIDR4, net6('ffff:ffff:ffff:ffff::/64') as EmpireCIDR6\
\ from siem.logtrust.web.navigation where now()-1m < eventdate\
\ < now() limit 1"
lookupType:
type: normal
append: true
key:
type: first-column
columnFilter:
- key
- IsPalpatineLordSidious
- ClonesImprisoned
- CreditsOnBankingClan
- Hex4Sidious
- Hex8Dooku
- DroidsRandomSeed
- Pi
- GrievousIP4
- DroidekaIP6
- TimeAfterBattleOfGeonosis
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
complexDynamicQuery:
value:
id:
creator: galactic_republic
name: RepublicSenateWebActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select eventdate, sessionid, userEmail from siem.logtrust.web.navigation\
\ where now()-1m < eventdate < now()"
lookupType:
type: normal
append: true
key:
type: column
column: eventdate
columnFilter:
- eventdate
- sessionid
- userEmail
contribution:
type: add
requiresDate: false
refreshMillis: 3600000
startMillis: 537796640000
allSubdomainsS3File:
value:
id:
creator: council@jedi_order
name: JediTempleExits
visibility:
type: all-subdomains
recipe:
recipeType: once
source:
columns:
- name: ID
from: 0
type: INT4
- name: Location
from: 1
type: STRING
skipPreface: null
hasHeader: false
skipEmptyLines: false
fileProvider:
bucketName: info-bucket
keyName: public/data/temple-exits.csv
transferOwnership: true
lookupType:
type: normal
append: false
key:
type: column
column: ID
columnFilter:
- ID
- Location
contribution:
type: add
requiresDate: false
required: true
responses:
"200":
description: Successful response. The actual deployment is returned.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example: null
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: a58a233b4a27
code: 400
context: null
id: ae34801e-5387-11ed-859a-532f757eb240
msg: "Contribution policy values can be 'add', 'del' and 'col'"
"401":
description: Unsuccessful response. User unauthorized to update a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-config'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
post:
summary: Send a lookup creation request (advanced method).
description: Advanced method to send a request to create a new Lookup. This
method is valid for both file-based (CSV) and query-based lookups.
operationId: createLookup
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
- name: shared
in: query
description: "If true, the lookup will be saved as a shared lookup. If unset\
\ or false, it will be saved as a private lookup."
required: false
style: form
explode: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployConfig'
examples:
simpleStaticQuery:
value:
id:
creator: rebel_alliance
name: TotallyNotFakeData
recipe:
recipeType: once
source:
query: "select 0 as key, false as IsDataFake, 2147483647 as\
\ RebelsImprisoned, 9223372036854775807 as CreditsOnImperialBanks,\
\ hex4('fffffff') as Hex4Emperor, hex8('fffffffffffffff')\
\ as Hex8Vader, 2.718281828459045 as EmperorClones, 3.141592653589793\
\ as Pi, 87.219.9.157 as EmperorIP4, ip6('fe80::4492:bc4b:7a53:c0d5')\
\ as EmperorIP6, 0m as TimeAfterBattleOfYavin, net4('128.0.0.0/1')\
\ as EmpireCIDR4, net6('ffff:ffff:ffff:ffff::/64') as EmpireCIDR6\
\ from siem.logtrust.web.navigation where now()-1m < eventdate\
\ < now() limit 1"
lookupType:
type: normal
append: false
key:
type: column
column: key
columnFilter:
- key
- IsDataFake
- RebelsImprisoned
- CreditsOnImperialBanks
- Hex4Emperor
- Hex8Vader
- EmperorClones
- Pi
- EmperorIP4
- EmperorIP6
- TimeAfterBattleOfYavin
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
complexStaticQuery:
value:
id:
creator: galactic_empire
name: ImperialIntranetActivity
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select eventdate, domain, userid from siem.logtrust.web.navigation\
\ where now()-1m < eventdate < now()"
lookupType:
type: normal
append: false
key:
type: column
column: eventdate
columnFilter:
- eventdate
- domain
- userid
contribution:
type: add
requiresDate: false
simpleStaticS3File:
value:
id:
creator: jedi_order
name: ForceSensitiveBeings
visibility:
type: creator-only
recipe:
recipeType: once
source:
columns:
- name: ID
from: 0
type: INT8
- name: Location
from: 1
type: STRING
- name: Age
from: 2
type: FLOAT8
- name: Species
from: 3
type: STRING
- name: MidiclorianLevel
from: 4
type: FLOAT4
- name: Hex4Age
from: 5
type: HEX4
- name: Hex8Age
from: 6
type: HEX8
- name: CommLinkIP4
from: 7
type: IP4
- name: CommLinkIP6
from: 8
type: IP6
- name: TimeFromDiscovery
from: 9
type: DURATION
- name: EmpireCIDR4
from: 10
type: NET4
- name: EmpireCIDR6
from: 11
type: NET6
skipPreface: null
hasHeader: false
skipEmptyLines: false
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
lookupType:
type: normal
append: false
key:
type: column
column: ID
columnFilter:
- ID
- Location
- Age
- Species
- MidiclorianLevel
- Hex4Age
- Hex8Age
- CommLinkIP4
- CommLinkIP6
- TimeFromDiscovery
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
simpleDynamicQuery:
value:
id:
creator: confederation_of_independent_systems
name: TotallyNotFakeData
recipe:
recipeType: periodic
source:
query: "select now() as key, false as IsPalpatineLordSidious,\
\ 2147483647 as ClonesImprisoned, 9223372036854775807 as CreditsOnBankingClan,\
\ hex4('fffffff') as Hex4Sidious, hex8('fffffffffffffff')\
\ as Hex8Dooku, 2.718281828459045 as DroidsRandomSeed, 3.141592653589793\
\ as Pi, 87.219.9.157 as GrievousIP4, ip6('fe80::4492:bc4b:7a53:c0d5')\
\ as DroidekaIP6, 0m as TimeAfterBattleOfGeonosis, net4('128.0.0.0/1')\
\ as EmpireCIDR4, net6('ffff:ffff:ffff:ffff::/64') as EmpireCIDR6\
\ from siem.logtrust.web.navigation where now()-1m < eventdate\
\ < now() limit 1"
lookupType:
type: normal
append: true
key:
type: first-column
columnFilter:
- key
- IsPalpatineLordSidious
- ClonesImprisoned
- CreditsOnBankingClan
- Hex4Sidious
- Hex8Dooku
- DroidsRandomSeed
- Pi
- GrievousIP4
- DroidekaIP6
- TimeAfterBattleOfGeonosis
- EmpireCIDR4
- EmpireCIDR6
contribution:
type: add
requiresDate: false
refreshMillis: 3600000
startMillis: 537796640000
complexDynamicQuery:
value:
id:
creator: galactic_republic
name: RepublicSenateWebActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select eventdate, sessionid, userEmail from siem.logtrust.web.navigation\
\ where now()-1m < eventdate < now()"
lookupType:
type: normal
append: true
key:
type: column
column: eventdate
columnFilter:
- eventdate
- sessionid
- userEmail
contribution:
type: add
requiresDate: false
refreshMillis: 3600000
startMillis: 537796640000
allSubdomainsS3File:
value:
id:
creator: council@jedi_order
name: JediTempleExits
visibility:
type: all-subdomains
recipe:
recipeType: once
source:
columns:
- name: ID
from: 0
type: INT4
- name: Location
from: 1
type: STRING
skipPreface: null
hasHeader: false
skipEmptyLines: false
fileProvider:
bucketName: info-bucket
keyName: public/data/temple-exits.csv
transferOwnership: true
lookupType:
type: normal
append: false
key:
type: column
column: ID
columnFilter:
- ID
- Location
contribution:
type: add
requiresDate: false
required: true
responses:
"201":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: recipeType values in a Recipe can be 'once' and 'periodic'
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-config'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
"409":
description: Unsuccessful response. Lookup already exists.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 409
context: null
id: 9b6b0f0e-b162-11ee-b3ab-77fd619670ef
msg: Lookup with domain galactic_empire and name destroyed_planets
already exists
/lookup/{domain}/{name}/deploy-csv:
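# PUT deploy-csv (operationId putCsvLookup): update an existing CSV-backed
# lookup. The body is either multipart/form-data (a deploy-config part plus an
# optional csv file part) or an application/json DeployCsv document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
put:
summary: Send a lookup update request using a CSV
description: Simplified endpoint to send a request to update an existing lookup.
Only for CSV lookups.
operationId: putCsvLookup
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
multipart/form-data:
schema:
# A multipart body is an object whose properties are the form parts; the
# type is stated explicitly so validators and code generators do not have
# to infer it from the presence of `properties`.
type: object
properties:
deploy-config:
$ref: '#/components/schemas/DeployCsv'
csv:
type: string
description: CSV file to upload. Only needed if the file was not
uploaded to S3.
format: binary
application/json:
schema:
$ref: '#/components/schemas/DeployCsv'
examples:
simpleCsvLookupUpdate:
value:
columns:
- name: ID
type: INT8
- name: Location
type: STRING
- name: Age
type: FLOAT8
- name: Species
type: STRING
- name: MidiclorianLevel
type: FLOAT4
key:
type: column
column: ID
# NOTE(review): fileProvider names a bucket and object key chosen by the
# caller. Which credentials the service uses to read that object, and what
# transferOwnership changes, are not described in this excerpt - confirm.
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
contribution:
type: add
csvLookupUpdateWithAllOptionalValues:
value:
# visibility sets who can see the resulting lookup; this example uses
# creator-only.
visibility:
type: creator-only
columns:
- name: ID
type: INT8
- name: Location
type: STRING
- name: Age
type: FLOAT8
- name: Species
type: STRING
- name: MidiclorianLevel
type: FLOAT4
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
skipPreface: null
hasHeader: false
skipEmptyLines: false
key:
type: column
column: ID
contribution:
type: add
required: true
responses:
"200":
description: Successful response. The actual DeployConfig object is returned.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 200
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
columns:
- name: ID
type: INT8
- name: Location
type: STRING
- name: Age
type: FLOAT8
- name: Species
type: STRING
- name: MidiclorianLevel
type: FLOAT4
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
skipPreface: null
hasHeader: false
skipEmptyLines: false
lookupType:
type: normal
append: true
key:
type: column
column: key
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
refreshMillis: 300000
startMillis: 1702339200000
requiresDate: true
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: a58a233b4a27
code: 400
context: BAD_REQUEST
id: ae34801e-5387-11ed-859a-532f757eb240
msg: Bad Request
"401":
description: Unsuccessful response. User unauthorized to update a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-csv'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.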
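# POST deploy-csv (operationId createCsvLookup): create a new CSV-backed lookup.
# The body is either multipart/form-data (a deploy-config part plus a csv file
# part) or an application/json DeployCsv document that points at the file
# through fileProvider.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
post:
summary: Send a lookup creation request using a CSV
description: |
Simplified endpoint to send a request to create a new lookup. Only for CSV lookups.
It supports:
- a JSON body with the deploy-csv config with a fileProvider of the lookup file to be used
- a multipart file body, with a deploy-config .JSON file and a .CSV lookup file
operationId: createCsvLookup
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
multipart/form-data:
schema:
# A multipart body is an object whose properties are the form parts; the
# type is stated explicitly so validators and code generators do not have
# to infer it from the presence of `properties`.
type: object
properties:
deploy-config:
$ref: '#/components/schemas/DeployCsv'
csv:
type: string
description: CSV file to upload. Only needed if the file was not
uploaded to S3.
format: binary
examples:
# NOTE(review) on the example below:
# - the bearer value in the curl sample must stay an obviously fake
#   placeholder; a live token must not end up in published documentation.
# - the sample sends `{'columns': []}` as application/json, but single-quoted
#   keys are not valid JSON, and it labels the csv part application/csv while
#   the `encoding` entry of this media type declares text/csv.
# - `externalValue` appears to sit inside `value`; in OpenAPI 3.0 it is a field
#   of the Example Object itself and is mutually exclusive with `value`.
# - both URLs point at gitlab.devotools.com, which looks like an internal
#   source-control host; confirm that publishing the repository path is
#   intended and that API consumers can reach it.
csvLookupCreationWithCsvFiles:
description: |
Example of files that can be added. How to add them will depend on what tool you use.
e.g: with curl:
```
curl
-X POST https://host/lookup-api/lookup/self/test-upload-csv/deploy-csv
--header 'Authorization: Bearer abdf37e'
--form "deploy-config={'columns': []};type=application/json"
--form "csv=@devo-lookups-qa-stage-csv/all-atomic-types.csv;type=application/csv"
```
value:
deploy-config:
externalValue: https://gitlab.devotools.com/teams/lomaniacos/bruno-collections-lomaniacos/-/blob/main/files/simple-lookup-with-header/deploy-csv.json
csv:
externalValue: https://gitlab.devotools.com/teams/lomaniacos/bruno-collections-lomaniacos/-/blob/main/files/simple-lookup-with-header/simple_lookup.csv
# NOTE(review) on the example below:
# - the deploy-config JSON text was missing the closing brace of its outer
#   object and could not be parsed; the brace is restored.
# - the csv sample has four header fields while deploy-config declares five
#   columns, sets hasHeader to false although a header row is present, and
#   puts names in the ID column declared as INT8. Confirm what the sample is
#   meant to show before anyone copies it.
# - the bearer value in the curl sample must stay an obviously fake
#   placeholder.
csvLookupCreationWithCsvFileContents:
description: |
Example of file contents that can be added. How to add the files will depend on what tool you use.
e.g: with curl:
```
curl
-X POST https://host/lookup-api/lookup/self/test-upload-csv/deploy-csv
--header 'Authorization: Bearer abdf37e'
--form "deploy-config={'columns': []};type=application/json"
--form "csv=@devo-lookups-qa-stage-csv/all-atomic-types.csv;type=application/csv"
```
value:
deploy-config: |
{"columns": [{"name": "ID","type": "INT8"},{"name": "Location","type": "STRING"},{"name": "Age","type": "FLOAT8"},{"name": "Species","type": "STRING"},{"name": "MidiclorianLevel","type": "FLOAT4"}],"skipPreface": null,"hasHeader": false,"skipEmptyLines": false,"key": {"type": "column","column": "ID"}}
csv: |
ID,Age,Species,MidiclorianLevel
John Doe,30,Human,85
Jane Smith,25,Human,90
encoding:
csv:
contentType: text/csv
style: form
application/json:
schema:
$ref: '#/components/schemas/DeployCsv'
examples:
simpleCsvLookupCreation:
value:
columns:
- name: ID
type: INT8
- name: Location
type: STRING
- name: Age
type: FLOAT8
- name: Species
type: STRING
- name: MidiclorianLevel
type: FLOAT4
key:
type: column
column: ID
# NOTE(review): fileProvider names a bucket and object key chosen by the
# caller. Which credentials the service uses to read that object, and what
# transferOwnership changes, are not described in this excerpt - confirm.
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
csvLookupCreationWithAllOptionalValues:
value:
# visibility sets who can see the resulting lookup; this example uses
# creator-only.
visibility:
type: creator-only
columns:
- name: ID
type: INT8
- name: Location
type: STRING
- name: Age
type: FLOAT8
- name: Species
type: STRING
- name: MidiclorianLevel
type: FLOAT4
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
skipPreface: null
hasHeader: false
skipEmptyLines: false
key:
type: column
column: ID
keepHistory: false
columnTimeReference: null
required: true
responses:
"201":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 201
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
columns:
- name: ID
type: INT8
- name: Location
type: STRING
- name: Age
type: FLOAT8
- name: Species
type: STRING
- name: MidiclorianLevel
type: FLOAT4
fileProvider:
bucketName: holocrons-bucket
keyName: secrets/data/force-sensitive-beings.csv
transferOwnership: true
skipPreface: null
hasHeader: false
skipEmptyLines: false
lookupType:
type: historic
instantPolicy: creation-instant
append: true
key:
type: column
column: key
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
refreshMillis: null
startMillis: null
requiresDate: true
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: "KeyAlgorithm values can be 'first-column', 'column', 'row-hash',\
\ 'col-hash' and 'seq'"
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-csv'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
"409":
description: Unsuccessful response. Lookup already exists.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 409
context: null
id: 9b6b0f0e-b162-11ee-b3ab-77fd619670ef
msg: Lookup with domain galactic_empire and name destroyed_planets
already exists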
/lookup/{domain}/{name}/deploy-periodic-query:
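# PUT deploy-periodic-query (operationId putPeriodicQueryLookup): update an
# existing lookup that is fed by a periodically executed query. The body is an
# application/json DeployPeriodicQuery document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
put:
summary: Send a lookup update request for periodic queries.
description: Simplified method to send a request to update an existing lookup
based on periodic queries.
operationId: putPeriodicQueryLookup
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployPeriodicQuery'
examples:
simplePeriodicQueryLookupCreation:
value:
# NOTE(review): `query` is caller-supplied query text that is stored and
# re-run on a schedule. Presumably it is evaluated with the requesting
# domain's permissions - confirm, and confirm how the text is validated.
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-5m < eventdate < now()"
key:
type: column
column: userid
periodicQueryLookupCreationWithAllOptionalValues:
value:
visibility:
type: creator-only
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-5m < eventdate < now()"
key:
type: column
column: userid
refreshPeriod: 5m
startDate: now
append: true
required: true
responses:
# NOTE(review): this update operation documents its success under "201" while
# the example body carries code 200 and the description speaks of a creation
# request. Confirm which status the service actually returns for an update.
"201":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 200
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select userid, domain from siem.logtrust.web.activity\
\ where now()-5m < eventdate < now()"
lookupType:
type: normal
append: true
key:
type: column
column: userid
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
refreshMillis: 300000
startMillis: 1702339200000
requiresDate: true
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: Start date format error
"401":
# This operation updates a lookup, so the description names the update
# permission, matching the wording used by the deploy-csv PUT operation.
description: Unsuccessful response. User unauthorized to update a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-periodic-query'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.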
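# POST deploy-periodic-query (operationId createPeriodicQueryLookup): create a
# new lookup that is fed by a periodically executed query. The body is an
# application/json DeployPeriodicQuery document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
post:
summary: Send a lookup creation request for periodic queries.
description: Simplified method to send a request to create a new lookup based
on periodic queries.
operationId: createPeriodicQueryLookup
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployPeriodicQuery'
examples:
simplePeriodicQueryLookupCreation:
value:
# NOTE(review): `query` is caller-supplied query text that is stored and
# re-run on a schedule. Presumably it is evaluated with the requesting
# domain's permissions - confirm, and confirm how the text is validated.
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-5m < eventdate < now()"
key:
type: column
column: userid
periodicQueryLookupCreationWithAllOptionalValues:
value:
visibility:
type: creator-only
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-5m < eventdate < now()"
key:
type: column
column: userid
refreshPeriod: 5m
# Quoted so the value stays a string: an unquoted ISO timestamp is resolved
# to a date-time object by YAML 1.1 loaders and may be re-serialised in a
# different format when the example is rendered as JSON.
startDate: '2023-12-12T00:00:00.00Z'
append: true
keepHistory: false
columnTimeReference: null
periodicQueryLookupCreationWithKeepsHistory:
value:
query: "select eventdate, userid, domain from siem.logtrust.web.navigation\
\ where now()-5m < eventdate < now()"
key:
type: column
column: userid
keepHistory: true
columnTimeReference: eventdate
required: true
responses:
"201":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 201
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select userid, domain from siem.logtrust.web.activity\
\ where now()-5m < eventdate < now()"
lookupType:
type: historic
instantPolicy: creation-instant
append: true
key:
type: column
column: userid
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
refreshMillis: 300000
startMillis: 1702339200000
requiresDate: true
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: refreshPeriod should be bigger than 1 minute
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-periodic-query'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
"409":
description: Unsuccessful response. Lookup already exists.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 409
context: null
id: 9b6b0f0e-b162-11ee-b3ab-77fd619670ef
msg: Lookup with domain galactic_empire and name destroyed_planets
already exists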
/lookup/{domain}/{name}/deploy-sliding-window-query:
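# PUT deploy-sliding-window-query (operationId updateSlidingWindowQuery):
# update an existing lookup that is fed by a query over a sliding time window.
# The body is an application/json DeploySlidingWindowQuery document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
put:
summary: Send a lookup update request for queries with a sliding window
description: Simplified method to send a request to update an existing lookup based
on sliding window query
operationId: updateSlidingWindowQuery
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
# NOTE(review): this requestBody carries no `required: true`, unlike the
# deploy-csv, deploy-periodic-query and deploy-static-query operations, so a
# request without a body is valid against this document. Confirm whether that
# is intended.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeploySlidingWindowQuery'
examples:
simpleSlidingWindowQueryLookupCreation:
value:
# NOTE(review): `query` is caller-supplied query text that is stored and
# re-run on a schedule. Presumably it is evaluated with the requesting
# domain's permissions - confirm, and confirm how the text is validated.
query: "select userid, domain from siem.logtrust.web.navigation"
key:
type: column
column: userid
windowSize: 1d
refreshPeriod: 10m
slidingWindowQueryLookupCreationAllOptions:
value:
visibility:
type: creator-only
query: "select userid, domain from siem.logtrust.web.navigation"
key:
type: column
column: userid
windowSize: 1d
refreshPeriod: 10m
# Quoted so the value stays a string: an unquoted ISO timestamp is resolved
# to a date-time object by YAML 1.1 loaders and may be re-serialised in a
# different format when the example is rendered as JSON.
startDate: '2023-12-12T00:00:00.00Z'
columnTimeReference: eventdate
responses:
"200":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 200
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select userid, domain from siem.logtrust.web.activity"
lookupType:
type: normal
append: true
key:
type: column
column: userid
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
refreshMillis: 600000
startMillis: 1702339200000
slideWindow: 86400000
requiresDate: true
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: window size should be higher than 1 minute
"401":
# This operation updates a lookup, so the description names the update
# permission, matching the wording used by the deploy-csv PUT operation.
description: Unsuccessful response. User unauthorized to update a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-sliding-window-query'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.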
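# POST deploy-sliding-window-query (operationId createSlidingWindowQuery):
# create a new lookup that is fed by a query over a sliding time window. The
# body is an application/json DeploySlidingWindowQuery document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
post:
summary: Send a lookup creation request for queries with a sliding window
description: Simplified method to send a request to create a new lookup based
on sliding window query
operationId: createSlidingWindowQuery
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
# NOTE(review): this requestBody carries no `required: true`, unlike the
# deploy-csv, deploy-periodic-query and deploy-static-query operations, so a
# request without a body is valid against this document. Confirm whether that
# is intended.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeploySlidingWindowQuery'
examples:
# NOTE(review): the two examples below spell the window field as `window` /
# `size` and as `windowsize`, while the PUT operation on this path uses
# `windowSize` for the same schema. The schema is outside this excerpt;
# confirm the property name, because a request copied from a misspelt example
# may be rejected or may silently lose the window setting.
simpleSlidingWindowQueryLookupCreation:
value:
# NOTE(review): `query` is caller-supplied query text that is stored and
# re-run on a schedule. Presumably it is evaluated with the requesting
# domain's permissions - confirm, and confirm how the text is validated.
query: "select userid, domain from siem.logtrust.web.navigation"
key:
type: column
column: userid
window:
size: 1d
refreshPeriod: 10m
slidingWindowQueryLookupCreationAllOptions:
value:
visibility:
type: creator-only
query: "select userid, domain from siem.logtrust.web.navigation"
key:
type: column
column: userid
windowsize: 1d
refreshPeriod: 10m
# Quoted so the value stays a string: an unquoted ISO timestamp is resolved
# to a date-time object by YAML 1.1 loaders and may be re-serialised in a
# different format when the example is rendered as JSON.
startDate: '2023-12-12T00:00:00.00Z'
responses:
"201":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
# The body code matches the documented 201 status, as it does in the other
# creation examples of this file (deploy-csv, deploy-periodic-query and
# deploy-static-query POST).
code: 201
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: periodic
source:
query: "select userid, domain from siem.logtrust.web.activity"
lookupType:
type: normal
append: true
key:
type: column
column: userid
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
refreshMillis: 600000
startMillis: 1702339200000
slideWindow: 86400000
requiresDate: true
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: window size should be higher than 1 minute
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-sliding-window-query'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
"409":
description: Unsuccessful response. Lookup already exists.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 409
context: null
id: 9b6b0f0e-b162-11ee-b3ab-77fd619670ef
msg: Lookup with domain galactic_empire and name destroyed_planets
already exists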
/lookup/{domain}/{name}/deploy-static-query:
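# PUT deploy-static-query (operationId putStaticQueryLookup): update an
# existing lookup that is built from a static query. The body is an
# application/json DeployStaticQuery document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
put:
summary: Send a lookup update request for static queries.
description: Simplified method to send a request to update an existing lookup
based on a static query.
operationId: putStaticQueryLookup
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployStaticQuery'
examples:
simpleStaticQueryLookupCreation:
value:
# NOTE(review): `query` is caller-supplied query text. Presumably it is
# evaluated with the requesting domain's permissions - confirm, and confirm
# how the text is validated.
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-1d < eventdate < now()"
key:
type: column
column: userid
staticQueryLookupCreationWithAllOptionalValues:
value:
visibility:
type: creator-only
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-1d < eventdate < now()"
key:
type: column
column: userid
required: true
responses:
"200":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 200
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select userid, domain from siem.logtrust.web.activity\
\ where now()-1d < eventdate < now()"
lookupType:
type: normal
append: false
key:
type: column
column: userid
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: "KeyAlgorithm values can be 'first-column', 'column', 'row-hash',\
\ 'col-hash' and 'seq'"
"401":
# This operation updates a lookup, so the description names the update
# permission, matching the wording used by the deploy-csv PUT operation.
description: Unsuccessful response. User unauthorized to update a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-static-query'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.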
# POST deploy-static-query (operationId createStaticQueryLookup): create a new
# lookup that is built from a static query. The body is an application/json
# DeployStaticQuery document.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401/403 responses below imply that authentication is enforced.
post:
summary: Send a lookup creation request for static queries.
description: Simplified method to send a request to create a new lookup based
on a static query.
operationId: createStaticQueryLookup
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DeployStaticQuery'
examples:
simpleStaticQueryLookupCreation:
value:
# NOTE(review): `query` is caller-supplied query text. Presumably it is
# evaluated with the requesting domain's permissions - confirm, and confirm
# how the text is validated.
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-1d < eventdate < now()"
key:
type: column
column: userid
staticQueryLookupCreationWithAllOptionalValues:
value:
# visibility sets who can see the resulting lookup; this example uses
# creator-only.
visibility:
type: creator-only
query: "select userid, domain from siem.logtrust.web.navigation\
\ where now()-1d < eventdate < now()"
key:
type: column
column: userid
keepHistory: false
columnTimeReference: null
required: true
responses:
# 201 acknowledges that the request was submitted; the example message points
# at the job endpoint for the actual creation status.
"201":
description: Successful response. Request was submitted to the Lookups Manager.
It includes the id of the creation request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationResponse'
example:
type: LookupCreationResponse
cid: d5ce4eb105b2
code: 201
context: null
id: c6b1e939-a57c-11ee-b1a9-a124bba45b9b
msg: "Lookup sent to creation. You can check the creation status using\
\ the provided id: /lookup/{domain}/{name}/job/{id}"
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select userid, domain from siem.logtrust.web.activity\
\ where now()-1d < eventdate < now()"
lookupType:
type: historic
instantPolicy: creation-instant
append: false
key:
type: column
column: userid
columnFilter: null
contribution:
type: add
secondaryIndexes:
type: none
notifyStatus: true
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 0cd289fa1b63
code: 400
context: null
id: 9f270aca-5151-11ed-859a-5d2974203ed5
msg: "KeyAlgorithm values can be 'first-column', 'column', 'row-hash',\
\ 'col-hash' and 'seq'"
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/deploy-static-query'
requires valid auth
cid: 29fda52318ae
"403":
description: Unsuccessful response. Forbidden access.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
# The example body carries code 5, not the HTTP status 403; confirm which
# of the two clients are expected to branch on.
code: 5
msg: Token invalid or expired
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
"409":
description: Unsuccessful response. Lookup already exists.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupCreationError'
example:
type: LookupCreationError
cid: 68e612d824a5
code: 409
context: null
id: 9b6b0f0e-b162-11ee-b3ab-77fd619670ef
msg: Lookup with domain galactic_empire and name destroyed_planets
already exists
/lookup/{domain}/{name}/job:
# GET job (operationId getLookupJobsUUIDs): list the job uuids recorded for the
# lookup identified by domain and name. The operation takes no request body.
# NOTE(review): no operation-level `security` key appears in this operation. A
# document-level requirement may exist outside this excerpt - confirm, since
# the 401 response below implies that authentication is enforced.
get:
summary: Query the job uuids of the given lookup.
description: Query the job uuids of the given lookup by domain and name.
operationId: getLookupJobsUUIDs
parameters:
# NOTE(review): `domain` and `name` are plain strings with no pattern,
# minLength or maxLength declared here; confirm the server validates both
# before they are used to address a lookup.
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
# NOTE(review): unlike the deploy-* operations in this file, no "403" response
# is documented here. Confirm whether an invalid or expired token on this
# endpoint is reported as 401 or whether the 403 case is simply missing.
responses:
"200":
description: "Successful response. Returns the filtered jobs, sorted ascendingly\
\ by time."
content:
application/json:
schema:
$ref: '#/components/schemas/LookupJobListResponse'
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupJobsError'
example:
type: LookupJobsError
cid: 6cde7fd6a1f4
code: 400
context: null
id: e08fef4d-53a2-11ed-859a-33f9a0bb845a
msg: Unsuccessful response. Bad Request.
# NOTE(review): the description below speaks of creating a Lookup although
# this operation only reads job identifiers; it looks copied from a creation
# operation - confirm the intended wording.
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/job'
requires valid auth
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupJobsError'
example:
type: LookupJobsError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
/lookup/{domain}/{name}/job/{id}:
get:
summary: Query the statuses of a lookup job.
description: "Query the statuses of a lookup job for a given domain, name and\
\ job id."
operationId: queryLookupJobStatus
parameters:
- name: domain
in: path
description: The domain of the lookup.
required: true
style: simple
explode: false
schema:
type: string
- name: name
in: path
description: "Name of the Lookup, unique on the given domain."
required: true
style: simple
explode: false
schema:
type: string
- name: id
in: path
description: Id of the lookup creation/update/deletion request.
required: true
style: simple
explode: false
schema:
type: string
responses:
"200":
description: "Successful response. Returns the filtered jobs' results for\
\ the given lookup with the filters applied. Results are sorted chronologically.\
\ The response can include the following jobs' results: - \"Lookup successfully\
\ created\": This means the Lookups Manager was able to create the lookup\
\ file with the configuration provided but it was not uploaded to Devo's\
\ platform yet. - \"Lookup ready to be executed\": This means the Lookups\
\ Manager successfully uploaded the created lookup to Devo's platform\
\ and it is ready to be used in queries. - \"Error creating lookup\":\
\ This means the Lookups Manager encountered an error creating the lookup\
\ with the provided configuration."
content:
application/json:
schema:
$ref: '#/components/schemas/LookupJobStatusListResponse'
"400":
description: Unsuccessful response. Bad Request.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupJobsError'
example:
type: LookupJobsError
cid: 4d1eb85a908d
code: 400
context: null
id: e9a9baaf-53a4-11ed-859a-2d69d242a54f
msg: Unsuccessful response. Bad Request.
"401":
description: Unsuccessful response. User unauthorized to create a Lookup.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthError'
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire/destroyed_planets/job/89732b79-a643-11ee-841d-fb670fe91f6e'
requires valid auth
cid: 29fda52318ae
"404":
description: Unsuccessful response. Domain or Lookup not found.
content:
application/json:
schema:
$ref: '#/components/schemas/LookupJobsError'
example:
type: LookupJobsError
cid: 68e612d824a5
code: 404
context: null
id: 901c6154-b16b-11ee-b3ab-47fc28cf5888
msg: Domain not found.
components:
schemas:
AuthError:
type: object
properties:
code:
type: integer
description: Http error code
format: int32
msg:
type: string
description: Error message
cid:
type: string
description: Correlation ID of the response
description: Standard HTTP error response for unauthorized requests.
example:
code: 401
msg: Access to 'https://api.us.devo.com/lookup-api/lookup/galactic_empire'
requires valid auth
cid: 29fda52318ae
BasicDevoResponse:
type: object
properties:
cid:
type: string
description: Correlation ID of the response
code:
type: integer
description: Numerical API Code.
format: int32
context:
type: object
description: Object containing the context of the response.
id:
type: string
description: Creation ID of the Lookup
msg:
type: string
description: Descriptive message of the response.
description: Standard HTTP response with the minimal properties.
example:
type: BasicDevoResponse
cid: e42ffbbeb753
code: 404
context: HTTP 404 Not Found
id: 30faa8ae-4fbd-11ed-859a-01f240ca171d
msg: HTTP 404 Not Found
discriminator:
propertyName: type
Column:
title: Root Type for a lookup Column.
required:
- name
- type
type: object
properties:
name:
type: string
description: Name of the column.
from:
type: integer
description: 0-based index of the column inside the CSV.
format: int32
type:
type: string
description: |-
Data type of the column. Possible values are:
- "BOOLEAN"
- "STRING"
- "INT4"
- "INT8"
- "FLOAT4"
- "FLOAT8"
- "HEX4"
- "HEX8"
- "IP4"
- "IP6"
- "TIMESTAMP"
- "DURATION"
- "NET4"
- "NET6"
description: Descriptor for a Lookup column on a CSV source.
example:
name: key
from: 0
type: STRING
ContributionPolicy:
title: Root Type for ContributionPolicy
required:
- type
type: object
properties:
type:
type: string
description: "Type of the ContributionPolicy. Possible values are \"add\"\
, \"del\" and \"col\". \"add\" by default."
enum:
- add
- del
- col
default: add
name:
type: string
description: "The contribution will be extracted from the column with the\
\ given [name]. That column type must be string and its valid values are\
\ 'add' and 'delete'."
description: "Defines how to calculate how a row contributes to the final result,\
\ normally used on incremental lookups. For lookup CSV creation operations\
\ it is always of type \"add\"."
example:
type: add
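# Deploy configuration of a lookup: its id, the recipe used to build it and
# whether the user is notified when it is ready. Visibility is inherited from
# DeployConfigBase through allOf.
DeployConfig:
  required:
    - recipe
  type: object
  properties:
    id:
      $ref: '#/components/schemas/LookupId'
    recipe:
      $ref: '#/components/schemas/Recipe'
    notifyStatus:
      type: boolean
      description: >-
        If true, a notification will be sent to Devo's web once the
        Lookup is executed so that the user is informed about the creation or
        update of a lookup.
  description: >-
    Deploy configuration of the Lookup to be created or updated. This
    object states the id of the lookup, the recipe which is used to create it,
    its visibility and if the user is to receive a notification on its readiness.
  example:
    id:
      creator: galactic_empire
      name: ImperialIntranetActivity
    visibility:
      type: creator-only
    recipe:
      recipeType: once
      source:
        query: >-
          select eventdate, domain, userid from siem.logtrust.web.navigation
          where now()-1m < eventdate < now()
      lookupType:
        type: normal
      # Recipe.append is declared as a boolean, so the example uses a real
      # boolean rather than a string.
      append: false
      key:
        type: column
        column: eventdate
      columnFilter:
        - eventdate
        - domain
        - userid
      contribution:
        type: add
      requiresDate: false
  allOf:
    - $ref: '#/components/schemas/DeployConfigBase'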
DeployConfigBase:
type: object
properties:
visibility:
type: object
description: |-
Visibility of the lookup. This attribute can be an object of type `Visibility`, or a string. If a string, the supported values are:
- "creator-only": To create a lookup only visible by the user's
domain
- "all-subdomains": To create a lookup visible by all domains owned
by a reseller. Can only be used by users with RESELLER_ADMIN
permissions.
- "all-domains": To create a lookup visible by all domains. It is
only allowed when the domain of the user is self.
description: Deploy configuration base
discriminator:
propertyName: type
DeployCsv:
required:
- columns
type: object
properties:
columns:
type: array
description: Array of Lookup column descriptors.
items:
$ref: '#/components/schemas/Column'
fileProvider:
$ref: '#/components/schemas/FileProvider'
key:
$ref: '#/components/schemas/KeyAlgorithm'
skipPreface:
type: string
description: Enter a regular expression to ignore rows of data in a CSV
used as source that follow the structure indicated in the regex. Defaults
to 'null'.
hasHeader:
type: boolean
description: |
Either if the CSV file of the CSV source has a header row or
not. Defaults to 'false'.
skipEmptyLines:
type: boolean
description: Either to skip empty lines on the CSV or not. Defaults to 'false'.
contribution:
$ref: '#/components/schemas/ContributionPolicy'
keepHistory:
type: boolean
description: |
If enabled, Lookup Manager will store all historic
data in the lookup, enabling historic search.
default: false
columnTimeReference:
type: string
description: |
If given, the Lookup Manager will use the column specified as
time instant reference for the data provided.
append:
type: boolean
description: "If true, when this recipe is evaluated, the content of its\
\ source will be appended to the lookup created on the previous evaluation.\
\ If there is no previous lookup, or if the recipe is updated, this property\
\ is ignored. False by default."
default: false
description: "Deploy csv configuration of the Lookup to be created. This object\
\ states the visibility of the created lookup, the \"fileProvider\" indicating\
\ the CSV file stored in AWS S3, the column descriptors and key. It also includes\
\ metainfo from the CSV such as if it has header."
allOf:
- $ref: '#/components/schemas/DeployConfigBase'
# Request schema for deploying a lookup built from a query; it carries the
# query text plus refreshPeriod/startDate scheduling fields and inherits
# visibility from DeployConfigBase via allOf.
DeployPeriodicQuery:
required:
- query
type: object
properties:
query:
type: string
description: Query to generate the lookup from. It must follow Devo's APIs
LINQ syntax.
key:
$ref: '#/components/schemas/KeyAlgorithm'
refreshPeriod:
type: string
description: |-
Refresh period of the Lookup. Defaults to grouping period of the
query in case it is a grouping query, or 5 minutes if not. Accepted
values are the ones accepted by Devo's Duration type. Minimum value
accepted is 1 minute.
startDate:
type: string
description: Lookup creation start date. Defaults to the time of the request.
Can either be an ISO-8601 datetime string or a number of milliseconds
from EPOCH.
append:
type: boolean
description: "If true, when this recipe is evaluated, the content of its\
\ source will be appended to the lookup created on the previous evaluation.\
\ If there is no previous lookup, or if the recipe is updated, this property\
\ is ignored. False by default."
# NOTE(review): the description above says "False by default" but the declared
# default below is true - confirm which value the server actually applies.
default: true
keepHistory:
type: boolean
description: |
If enabled, Lookup Manager will store all historic
data in the lookup, enabling historic search.
default: false
columnTimeReference:
type: string
description: |
If given, the Lookup Manager will use the column specified as
time instant reference for the data provided.
# NOTE(review): the schema-level description below says "static query" although
# this schema is DeployPeriodicQuery; it matches the DeployStaticQuery text
# word for word and looks copied - confirm the intended wording.
description: "Deploy static query configuration of the Lookup to be created\
\ or updated. This object states the visibility of the created lookup, the\
\ lookup query and the algorithm to compute the lookup's keys."
allOf:
- $ref: '#/components/schemas/DeployConfigBase'
DeploySlidingWindowQuery:
required:
- key
- query
- refreshPeriod
- windowSize
type: object
properties:
query:
type: string
description: Query to generate the lookup from. It must follow Devo's APIs
LINQ syntax.
key:
$ref: '#/components/schemas/KeyAlgorithm'
windowSize:
type: string
description: |-
Size of the window. Every time that the query is executed, the
lookup will contain the size of the window. Accepted values are
the ones accepted by Devo's Duration type, Minimum value accepted
is 1 hour.
refreshPeriod:
type: string
description: |-
Refresh period of the Lookup. Defaults to grouping period of the
query in case it is a grouping query, or 5 minutes if not. Accepted
values are the ones accepted by Devo's Duration type. Minimum value
accepted is 1 minute.
startDate:
type: string
description: Lookup creation start date. Defaults to the time of the request.
Can either be an ISO-8601 datetime string or a number of milliseconds
from EPOCH.
keepHistory:
type: boolean
description: |
If enabled, Lookup Manager will store all historic
data in the lookup, enabling historic search.
default: false
columnTimeReference:
type: string
description: |
If given, the Lookup Manager will use the column specified as
time instant reference for the data provided.
description: |-
Deploy static query configuration of the Lookup to be created
or updated. This object states the visibility of the created lookup, the
lookup query and the algorithm to compute the lookup's keys.
allOf:
- $ref: '#/components/schemas/DeployConfigBase'
DeployStaticQuery:
required:
- query
type: object
properties:
query:
type: string
description: Query to generate the lookup from. It must follow Devo's APIs
LINQ syntax.
key:
$ref: '#/components/schemas/KeyAlgorithm'
keepHistory:
type: boolean
description: |
If enabled, Lookup Manager will store all historic
data in the lookup, enabling historic search.
default: false
columnTimeReference:
type: string
description: |
If given, the Lookup Manager will use the column specified as
time instant reference for the data provided.
append:
type: boolean
description: "If true, when this recipe is evaluated, the content of its\
\ source will be appended to the lookup created on the previous evaluation.\
\ If there is no previous lookup, or if the recipe is updated, this property\
\ is ignored. False by default."
default: false
description: "Deploy static query configuration of the Lookup to be created\
\ or updated. This object states the visibility of the created lookup, the\
\ lookup query and the algorithm to compute the lookup's keys."
allOf:
- $ref: '#/components/schemas/DeployConfigBase'
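# Describes where the Lookups Manager fetches the source CSV from.
# NOTE(review): bucketName, keyName, host and port are caller-supplied and the
# schema places no constraint on them, so the service performs an outbound
# fetch towards a caller-chosen endpoint. Confirm the server restricts these
# to approved S3 endpoints and does not follow them to internal hosts.
FileProvider:
  title: Root Type for fileProvider.
  required:
    - bucketName
    - keyName
    - transferOwnership
  type: object
  properties:
    bucketName:
      type: string
      description: The name of the S3 bucket where the CSV is located.
    keyName:
      type: string
      description: The path of the CSV inside the bucket.
    transferOwnership:
      type: boolean
      description: >-
        A boolean that represents whether Lomana should act as the
        owner of the CSV and delete it from the bucket once it has finished creating
        the lookup.
    accessKey:
      type: string
      description: >-
        The access key of a customer’s AWS user with permissions to
        access the bucket represented in bucketName. This attribute is not mandatory.
    secretKey:
      type: string
      # Credential material: `format: password` hides it in generated docs and
      # UIs, `writeOnly` states it is accepted in requests but not returned.
      # NOTE(review): FileProvider is reachable from response schemas through
      # DeployConfig -> Recipe -> Source; confirm the server never echoes this
      # value back, and prefer a narrowly scoped, short-lived credential here.
      format: password
      writeOnly: true
      description: >-
        The secret key of a customer’s AWS user with permissions to
        access the bucket represented in bucketName. This attribute is not mandatory.
    host:
      type: string
      description: >-
        The S3 bucket host where to find the CSV. This attribute is
        not mandatory.
    port:
      type: integer
      description: >-
        The S3 bucket port where to find the CSV. This attribute is
        not mandatory.
      format: int32
    region:
      type: string
      description: >-
        The AWS region where the S3 bucket has been created. This
        attribute is not mandatory.
  description: Info to get the CSV file from S3.
  example:
    bucketName: holocrons-bucket
    keyName: secrets/data/force-sensitive-beings.csv
    transferOwnership: true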
InstantPolicy:
title: Description of instant policy
properties:
instantPolicy:
type: string
description: "Defines how to calculate the instant of each row. Only used\
\ when the generated lookup is historic. Possible values are: - \"natural\"\
: The associated source must be historical and the instant of each row\
\ will be used. This is useful when the source is a historical lookup.\
\ - \"const\": The instant of all rows will be the supplied constant.\
\ - \"column\": The instant will be extracted from the column with the\
\ given [name]. That column type must be timestamp."
instant:
minimum: 0
type: integer
description: Only for historic lookups of type "const".
format: int64
columnName:
type: string
description: Only for historic lookups of type "column".
description: defines the instant policy properties
KeyAlgorithm:
title: Root Type for KeyAlgorithm.
required:
- type
type: object
properties:
columns:
type: array
description: Columns to be used to generate the key for the lookup. Only
used when the type of the KeyAlgorithm object is "col-hash".
items:
type: string
column:
type: string
description: "Column to be used as the key for the lookup. Only used with\
\ KeyAlgorithms of type: \"column\"."
type:
type: string
description: "Type of Key Algorithm. Values can be \"first-column\", \"\
column\", \"row-hash\", \"col-hash\" or \"seq\". \"first-column\" by default."
enum:
- first-column
- column
- row-hash
- col-hash
- seq
default: first-column
description: |-
Algorithm to compute the lookup's keys. Depending on the type of the KeyAlgorithm different strategies apply:
- "first-column": The first column on the lookup is used as key.
- "column": The column stated in the 'column' field of the KeyAlgorithm object is used as key.
- "row-hash": A hash of the elements on the first row on the lookup is used as key.
- "col-hash": A hash of the columns stated on the 'columns' field of the KeyAlgorithm object is used as key.
- "seq": The key of the lookup is generated sequentially.
Defaults to "first-column".
example:
type: column
column: key
KeyType:
title: Key type of a lookup.
type: object
properties:
type:
type: string
description: "Type of the KeyType. Values can be \"first\", \"seq\" or \"\
hash\"."
columns:
type: array
description: Columns to be hashed to get the key.
items:
type: string
hasher:
type: object
properties:
type:
type: string
description: Hash function to be used
seed:
type: integer
description: Seed to be used by the hash function
format: int64
description: Hash function to be used to generate the key.
description: "Defines how the key of the lookup has been generated. Types can\
\ be \"first\", meaning the key was generated by the first field on the lookup,\
\ \"seq\", so it was generated sequentially or \"hash\", so it was generated\
\ from the hash of a list of fields on the lookup."
example:
type: murmur
seed: 1511793612
LookupActivationError:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard error response for lookup enable/disable endpoints.
example:
type: LookupActivationError
cid: 32ac2fdbcc89
code: 400
context: null
id: e111f616-4fbc-11ed-b24b-17bb564344b5
LookupActivationResponse:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard response for lookup enable/disable endpoints.
example:
type: LookupActivationResponse
cid: f44f458f7c32
code: 200
context: null
id: c8234b9d-5052-11ed-b24b-85c623a0cbd8
msg: Lookup enabled
LookupCreationError:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard error response for lookup creation endpoints.
example:
type: LookupCreationError
cid: 9a3eda1848d1
code: 403
context: FORBIDDEN
id: 00daba68-5055-11ed-859a-7b524e50491a
msg: User is not authorized to perform operations in the domain.
LookupCreationResponse:
type: object
properties:
lookupDeployConfig:
$ref: '#/components/schemas/DeployConfig'
description: Standard response for lookup creation endpoints.
example:
type: LookupCreationResponse
cid: d41c91a21d56
code: 201
context: null
id: 5d65ff7d-2201-11ec-b04a-53c6289921cb
msg: Lookup sent to creation
lookupDeployConfig:
id:
creator: rebel_alliance
name: GalacticEmpireActivity
visibility:
type: creator-only
recipe:
recipeType: once
source:
query: "select eventdate, level, domain, userid, sessionid, correlationId\
\ from siem.logtrust.web.activity where now()-1m < eventdate < now()"
lookupType:
type: normal
append: false
key:
type: column
column: key
columnFilter:
- eventdate
- level
- domain
- userid
- sessionid
- correlationId
contribution:
type: add
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
LookupDeletionError:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard error response for lookup deletion endpoints.
example:
type: LookupDeletionError
cid: 32ac2fdbcc89
code: 400
context: null
id: e111f616-4fbc-11ed-b24b-17bb564344b5
LookupDeletionResponse:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard response for lookup deletion endpoints.
example:
type: LookupDeletionResponse
cid: f44f458f7c32
code: 200
context: null
id: c8234b9d-5052-11ed-b24b-85c623a0cbd8
msg: Lookup sent to deletion
LookupField:
title: Field of a lookup
type: object
properties:
column:
type: string
description: Name of the column for this field.
type:
type: string
description: Data type of the lookup field.
key:
type: boolean
description: Whether the field is, or is part of, the key of the lookup.
description: Meta information about a lookup field
example:
column: ID
type: ip4
key: true
LookupId:
title: Root Type for LookupId.
type: object
properties:
creator:
type: string
description: Domain of the creator of the Lookup.
name:
type: string
description: Name of the Lookup.
description: Object which identifies a lookup. Formed by the domain of the lookup
inside the "creator" field and the name of the lookup.
example:
creator: jedi_order
name: ForceSensitiveBeings
LookupJobListResponse:
required:
- jobs
type: object
properties:
jobs:
type: array
description: List of job uuids.
items:
type: string
description: List of the last N jobs of a lookup.
example:
cid: e47f4ab72ded
code: 200
context: null
id: 4d33777c-e37c-11ed-b5ea-0242ac120002
msg: Lookup job uuids
jobs:
- 2b6b312f-c9a2-489c-8794-ea656a19b822
- 30b6cad0-9714-48a7-9976-73e41523edfd
- d1e969e6-48a8-46ea-ab22-e0a5458e302b
- e2c51a3c-ad7e-4fe6-bb43-89f93e629d76
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
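# Response body for the job-status query: the BasicDevoResponse envelope plus
# the list of statuses recorded for one lookup job.
LookupJobStatusListResponse:
  required:
    # Must name a property this schema defines; the status list is carried in
    # `status` (see properties and the example below).
    - status
  type: object
  properties:
    status:
      type: array
      description: List of statuses.
      items:
        $ref: '#/components/schemas/LookupStatusResponse'
  description: List of the last N statuses of a job.
  example:
    cid: e47f4ab72ded
    code: 200
    context: null
    id: 4d33777c-e37c-11ed-b5ea-0242ac120002
    msg: Lookup job's statuses
    status:
      # eventdate is declared as a string; quoting stops YAML loaders from
      # turning the value into a native timestamp.
      - eventdate: '2021-09-29T10:18:10.805'
        domain: galactic_empire
        lookup: ImperialIntranetActivity
        msg: Lookup successfully created
        code: create.ok
      - eventdate: '2021-09-29T10:18:12.472'
        domain: ImperialIntranetActivity
        lookup: test-schedule
        msg: Lookup ready to be executed
        code: deploy.ok
  allOf:
    - $ref: '#/components/schemas/BasicDevoResponse'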
LookupJobsError:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard error response for lookup jobs endpoints.
example:
type: LookupJobsError
cid: 976559828e9a
code: 403
context: FORBIDDEN
id: 0697ce1e-53a3-11ed-859a-637a8267600a
msg: User is not authorized to perform operations in the domain.
LookupMetaInfo:
title: Meta information of a Lookup.
type: object
properties:
name:
type: string
description: Lookup name.
domain:
type: string
description: Lookup domain.
fileSize:
type: integer
description: Size in bytes of the lookup file.
format: int64
numEntries:
type: integer
description: Number of entries in the lookup.
format: int64
creationDate:
type: string
description: Creation date of the lookup.
keyType:
$ref: '#/components/schemas/KeyType'
fields:
type: array
description: Lookup fields.
items:
$ref: '#/components/schemas/LookupField'
shared:
type: boolean
description: Whether the lookup is shared or not.
owner:
type: string
description: Lookup owner's email.
description: Relevant meta information of a Lookup inside the Devo platform
example:
name: CloneTroopersSquads
domain: galactic_republic
fileSize: 3600384
numEntries: 1000
creationDate: 2020-03-04T15:07:19
shared: false
owner: qa.galactic_republoc@devo.com
keyType:
type: first
columns: []
hasher: null
fields:
- column: ID
type: ip4
key: true
- column: NumberOfUnits
type: ip4
key: false
- column: JediGeneralID
type: ip4
key: false
- column: Active
type: bool
key: false
discriminator:
propertyName: type
LookupMetaInfoComplete:
title: Complete Meta information of a Lookup.
properties:
deployConfig:
$ref: '#/components/schemas/DeployConfig'
lastStatus:
$ref: '#/components/schemas/LookupStatusResponse'
enabled:
type: boolean
description: Whether the lookup is enabled or not.
description: "Relevant meta information of a Lookup inside the Devo platform,\
\ including deploy config, last execution and enabled."
example:
name: CloneTroopersSquads
domain: galactic_republic
fileSize: 3600384
numEntries: 1000
creationDate: 2020-03-04T15:07:19
shared: false
owner: qa.galactic_republoc@devo.com
enabled: true
keyType:
type: first
columns: []
hasher: null
deployConfig: null
lastStatus:
eventdate: 2020-03-04T15:08:02
domain: galactic_republic
lookup: CloneTroopersSquads
msg: Lookup successfully created
fields:
- column: ID
type: ip4
key: true
- column: NumberOfUnits
type: ip4
key: false
- column: JediGeneralID
type: ip4
key: false
- column: Active
type: bool
key: false
allOf:
- $ref: '#/components/schemas/LookupMetaInfo'
LookupMetaInfoListResponse:
type: object
properties:
lookups:
type: array
description: List of lookups.
items:
$ref: '#/components/schemas/LookupMetaInfo'
nextPageToken:
type: integer
description: Last page token. Used for pagination.
format: int32
description: List of N lookups inside a domain.
example:
type: LookupMetaInfoListResponse
cid: e47f4ab72ded
code: 200
context: null
id: 11a68f01-4fb0-11ed-b24b-99afce214fb8
msg: galactic_empire lookups.
lookups:
- name: DeathStarTroopers
domain: galactic_empire
fileSize: 1712128
numEntries: 10000
creationDate: 2021-09-29T10:18:10.805
keyType:
type: first
columns: []
hasher: null
deployConfig: null
lastStatus:
eventdate: 2021-09-29T10:18:10.805
domain: galactic_empire
lookup: DeathStarTroopers
msg: Lookup successfully created
fields:
- column: "ID,"
type: ip4
key: true
- column: "Name,"
type: str
key: false
- column: "Category,"
type: str
key: false
- column: "Age,"
type: int4
key: false
- column: "Sector,"
type: int4
key: false
- column: "Rank,"
type: str
key: false
- column: "BlasterModel,"
type: str
key: false
shared: true
owner: qa.lomaniacos@devo.com
enabled: true
- name: FugitiveJedis
domain: galactic_empire
fileSize: 32768
numEntries: 50
creationDate: 2021-10-10T10:00:05.812
keyType:
type: hash
columns: []
hasher:
type: murmur
seed: 1511793612
deployConfig: null
lastStatus:
eventdate: 2021-10-10T10:01:02.001
domain: galactic_empire
lookup: FugitiveJedis
msg: Lookup successfully created
fields:
- column: "Name,"
type: str
key: true
- column: "LightsaberColor,"
type: str
key: false
- column: "LastKnownLocation,"
type: str
key: false
- column: "Species,"
type: str
key: false
- column: "PlanetOfOrigin,"
type: str
key: false
- column: "ConsideredDangerous,"
type: bool
key: false
shared: true
owner: qa.lomaniacos@devo.com
enabled: true
nextPageToken: 1
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
LookupMetaInfoResponse:
type: object
properties:
lookupMetaInfo:
$ref: '#/components/schemas/LookupMetaInfoComplete'
description: LookupMetaInfo component for LookupMetaInfoResponse
example:
type: LookupMetaInfoResponse
cid: ee5f8fb3e225
code: 200
context: null
id: 23f0e93a-5050-11ed-b24b-3bba2bcd85c3
msg: galactic_republic/CloneTroopersSquads meta information
lookupMetaInfo:
name: CloneTroopersSquads
domain: galactic_republic
fileSize: 3600384
numEntries: 1000
creationDate: 2020-03-04T15:07:19
keyType:
type: first
columns: []
hasher: null
deployConfig: null
lastStatus:
eventdate: 2020-03-04T15:08:02
domain: galactic_republic
lookup: CloneTroopersSquads
msg: Lookup successfully created
fields:
- column: ID
type: ip4
key: true
- column: NumberOfUnits
type: ip4
key: false
- column: JediGeneralID
type: ip4
key: false
- column: Active
type: bool
key: false
shared: true
owner: qa.lomaniacos@devo.com
enabled: true
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
LookupMetaInfoResponseError:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard error response for lookup meta info endpoints.
example:
type: LookupMetaInfoResponseError
cid: 35a6a56c8fde
code: 403
context: null
id: 55b9f469-504c-11ed-b24b-c5ffaee961d7
msg: Forbidden
LookupNotificationError:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard error response for lookup notifications.
example:
type: LookupNotificationError
cid: 32ac2fdbcc89
code: 400
context: null
id: e111f616-4fbc-11ed-b24b-17bb564344b5
LookupNotificationResponse:
allOf:
- $ref: '#/components/schemas/BasicDevoResponse'
- type: object
description: Standard response for lookup notifications.
example:
type: LookupActivationResponse
cid: f44f458f7c32
code: 200
context: null
id: c8234b9d-5052-11ed-b24b-85c623a0cbd8
msg: Lookup succesfully notified
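# One status entry of a lookup job: when it was recorded, which lookup it
# belongs to, and the status message/code.
LookupStatusResponse:
  type: object
  properties:
    eventdate:
      type: string
      description: Timestamp of the status.
    domain:
      type: string
      description: Domain of the lookup.
    lookup:
      type: string
      description: Name of the lookup.
    msg:
      type: string
      description: Job status description.
    code:
      type: string
      description: Job status code (short name).
    extra:
      type: string
      description: Job status extra information.
  description: Status of the job of a lookup at a given point in time.
  example:
    # Key matches the declared `eventdate` property; the value is quoted
    # because the property is a string, not a native YAML timestamp.
    eventdate: '2021-09-29T10:18:10.805'
    domain: galactic_empire
    lookup: ImperialIntranetActivity
    msg: Lookup successfully created
    extra: null
    code: deploy.ok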
LookupType:
title: Root Type for LookupType.
required:
- type
type: object
properties:
type:
type: string
description: Valid values are "normal" and "historic".
enum:
- normal
- historic
instantPolicy:
type: string
description: "Defines how to calculate the instant of each row. Only used\
\ when the generated lookup is historic. Possible values are: - \"const\"\
: The instant of all rows will be the supplied constant. - \"creation-instant\"\
: The instant of all rows will be the creation instant. - \"column\"\
: The instant will be extracted from the column with the given [name].\
\ That column type must be timestamp."
instant:
minimum: 0
type: integer
description: Only for historic lookups of type "const".
format: int64
columnName:
type: string
description: Only for historic lookups of type "column".
keepHistory:
type: boolean
description: |
If enabled, Lookup Manager will store all historic
data in the lookup, enabling historic search.
default: false
description: "Defines the type of the lookup. It can be: - normal: Regular old\
\ lookups. - historic: New historic lookups."
example:
type: normal
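# Recipe of a lookup: where its data comes from (source), how it is keyed and
# filtered, and, for periodic recipes, how often it is refreshed.
Recipe:
  required:
    - lookupType
    - recipeType
    - source
  type: object
  properties:
    recipeType:
      type: string
      description: >-
        Type of the recipe. Possible values are "once" for static lookups
        and "periodic" for periodic lookups.
      enum:
        - once
        - periodic
    source:
      $ref: '#/components/schemas/Source'
    lookupType:
      $ref: '#/components/schemas/LookupType'
    append:
      type: boolean
      description: >-
        If true, when this recipe is evaluated, the content of its
        source will be appended to the lookup created on the previous evaluation.
        If there is no previous lookup, or if the recipe is updated, this property
        is ignored. False by default.
      default: false
    key:
      $ref: '#/components/schemas/KeyAlgorithm'
    columnFilter:
      type: array
      description: >-
        If not null a white list of columns that will be projected.
        All elements of the list must be defined on source. Columns from source
        whose name is not on this list won't be projected.
      items:
        type: string
    contribution:
      $ref: '#/components/schemas/ContributionPolicy'
    secondaryIndexes:
      $ref: '#/components/schemas/SecondaryIndexes'
    refreshMillis:
      minimum: 60000
      type: integer
      description: |-
        Refresh period of the Lookup in milliseconds. Can only be used and
        is required if recipeType is "periodic".
      format: int64
    startMillis:
      type: integer
      description: >-
        Milliseconds since Epoch. Can only be used and is required
        if recipeType is "periodic".
      format: int64
    dataTimeToLive:
      minimum: 300000
      type: integer
      description: |-
        Size of the sliding window in millis used in dynamic queries,
        infinite if not set
      format: int64
    requiresDate:
      type: boolean
      description: >-
        If true, the source query will be enriched with a closed date
        range restriction. The lower bound will be the maximum between startMillis
        and the last job instant and the upper bound will be always now(). Can
        only be used if recipeType is "periodic". False by default.
  # The description is a literal block so each item renders as its own list
  # entry instead of one run-on line.
  description: |-
    Recipe of the lookup to be created. This object states the following data about the lookup:
    - Whether it is going to be periodic or not, via the "recipeType" attribute.
    - The "Source" object which defines the source of its data.
    - Its type, whether it is a normal or a historic lookup, via the "lookupType" attribute.
    - Whether the data from the source is to be appended or overridden, using the "append" attribute.
    - The algorithm used to create its key, via the "key" attribute.
    - The columns to be added to it using the "columnFilter".
    - The contribution type of its columns, via the "contribution" attribute.
    - Its secondary indexes, in case the "lookupType" is of type "historic".
    - In case it is periodic, some info about its periodicity using the "refreshMillis"
      and "startMillis" fields. Optionally, "dataTimeToLive", which must be greater than
      300000 (5 minutes), defines the max-age of the data in the lookup.
    - Whether the source of the query is to be enriched with a closed date range
      restriction, via the "requiresDate" attribute.
  example:
    recipeType: once
    source:
      query: >-
        select eventdate, domain, userid from siem.logtrust.web.navigation
        where now()-1m < eventdate < now()
    lookupType:
      type: normal
    # `append` is declared as a boolean above, so the example uses a real
    # boolean rather than a string.
    append: false
    key:
      type: column
      column: eventdate
    columnFilter:
      - eventdate
      - domain
      - userid
    contribution:
      type: add
    requiresDate: false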
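SecondaryIndexes:
  # Secondary-index configuration of a Lookup: "type" selects the mode and
  # "map" carries the per-column settings used by the "by-name" mode.
  title: Root Type for SecondaryIndexes.
  required:
    - type
  type: object
  properties:
    type:
      type: string
      description: >-
        Type of secondary indexes to be applied to the Lookup. Possible
        values are "all", "none" and "by-name". "none" by default.
      enum:
        - all
        - none
        - by-name
      default: none
    map:
      # NOTE(review): no schema is declared for the values of this map; the
      # example below uses SORTED. Declaring the accepted values would let
      # clients and gateways reject malformed bodies before they reach the
      # Lookups Manager - confirm the accepted set before adding it.
      type: object
      description: >-
        Map of column names to be applied as secondary indexes when
        the SecondaryIndexes is of type "by-name"
  description: Columns of a Lookup indexed as secondary indexes.
  # "map" is documented above as applying to the "by-name" type only, so the
  # example pairs it with that type rather than with "all".
  example:
    type: by-name
    map:
      v3: SORTED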
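Source:
  # Origin of the Lookup's data. The descriptions below define two modes:
  # a Devo query ("query"), or a CSV file in AWS S3 ("fileProvider" together
  # with the CSV-only fields "columns", "skipPreface", "hasHeader" and
  # "skipEmptyLines"). The schema does not express that exclusivity (there is
  # no oneOf and no required list), so a body carrying both or neither passes
  # schema validation and the rule has to be enforced by the server.
  type: object
  properties:
    columns:
      type: array
      description: |-
        Array of Lookup column descriptors. Can only be used and is
        required if the lookup is to be created through a CSV file, so
        "fileProvider" field must be informed and "query" not.
      items:
        $ref: '#/components/schemas/Column'
    skipPreface:
      # NOTE(review): this is a client-supplied regular expression that is
      # matched against CSV rows. The schema declares no maxLength and does
      # not name the regex dialect; confirm that the server bounds pattern
      # size and matching time so a pathological pattern cannot stall lookup
      # creation.
      type: string
      description: >-
        Enter a regular expression to ignore rows of data in a CSV
        used as source that follow the structure indicated in the regex. Only
        used in CSV sources with "fileProvider" field informed and "query" not.
    hasHeader:
      type: boolean
      description: >-
        Whether the CSV file of the CSV source has a header row or not.
    skipEmptyLines:
      type: boolean
      description: Whether to skip empty lines in the CSV or not.
    fileProvider:
      $ref: '#/components/schemas/FileProvider'
    query:
      # NOTE(review): the spec does not say under which identity or
      # permissions this query is executed - presumably the caller's; confirm
      # and document it, since the result is stored in a lookup that other
      # domains may be allowed to read.
      type: string
      description: >-
        Query to generate the lookup from. It must follow Devo's APIs
        LINQ syntax.
  description: >-
    Source used to create the Lookup. This object states whether the lookup
    is going to be created through a query to Devo, using the "query" field,
    or through a CSV file stored in AWS S3, using the "fileProvider" field.
  example:
    query: >-
      select * from siem.logtrust.web.navigation where now()-1m < eventdate
      < now()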
ValidationError:
  # Error body returned when the web server's own request validation rejects
  # a call. Fields: numeric code, message, correlation id and a free-form
  # context object.
  type: object
  properties:
    code:
      type: integer
      description: 'Error code'
      format: int32
    msg:
      type: string
      description: 'Error message'
    cid:
      # Correlation id; useful for tying a client-side failure to server logs.
      type: string
      description: 'Correlation ID of the response'
    context:
      # No inner schema is declared, so the keys of this object are not fixed
      # by the spec. NOTE(review): the example below echoes the rejected value
      # inside "failures" - presumably clients should handle it as plain text
      # when displaying it; confirm.
      type: object
      description: 'Object containing the context of the response.'
  description: 'Error returned by web server validations.'
  example:
    code: 140
    msg: 'Validation failed.'
    cid: '981d4e9056da'
    context:
      failures: 'refreshMillis = 30000 <= must be greater than or equal to 60000'
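Visibility:
  # Which domains can see a lookup. This is an access-control input: the
  # permission rules quoted in the descriptions (RESELLER_ADMIN, "self"
  # domain, self domain admins) are prose only and nothing in this schema
  # enforces them, so the server has to check the caller's rights for every
  # value of "type".
  required:
    - type
  # Declared explicitly, as in the sibling schemas, so that validators treat
  # the value as an object instead of accepting any JSON type.
  type: object
  properties:
    type:
      type: string
      description: |-
        Type of the visibility. Possible values are:
        - "creator-only": To create a lookup only visible by the user's
          domain
        - "all-subdomains": To create a lookup visible by all domains owned
          by a reseller. Can only be used by users with RESELLER_ADMIN
          permissions.
        - "all-domains": To create a lookup visible by all domains. It is
          only allowed when the domain of the user is self.
        - "regex": To create a lookup visible by domains for which the
          regular expression applies. If this type is used, a regular
          expression must be placed on the "regex" field of this object.
          It is only allowed for self domain admins.
      enum:
        - creator-only
        - all-subdomains
        - all-domains
        - regex
    regex:
      # NOTE(review): the spec does not say whether the expression must match
      # the whole domain name or only part of it. With partial matching an
      # unanchored pattern makes the lookup visible to more domains than the
      # author intended - confirm the matching mode and state it in the
      # description. The schema also does not require this field when "type"
      # is "regex"; that rule lives only in the text above.
      type: string
      description: >-
        Regular expression to be applied for the visibility of the
        lookup in case its type is "regex".
  description: >-
    Visibility of the lookup to be created. This object sets the domains
    which will be able to see the lookup in Devo. Defaults to a visibility object
    of type "creator-only".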
|