
 
 

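| Operation ID | Description |
| :--- | :--- |
| UploadLookupV1 (upload_file) | Upload a lookup file to NGSIEM. |
| GetLookupV1 (get_file) | Download lookup file from NGSIEM. |
| GetLookupFromPackageWithNamespaceV1 (get_file_from_package_with_namespace) | Download lookup file in namespaced package from NGSIEM. |
| GetLookupFromPackageV1 (get_file_from_package) | Download lookup file in package from NGSIEM. |
| StartSearchV1 (start_search) | Initiate a NGSIEM search. |
| GetSearchStatusV1 (get_search_status) | Get status of a NGSIEM search. |
| StopSearchV1 (stop_search) | Stop a NGSIEM search. |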
Upload a lookup file to NGSIEM.
upload_file
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/files | 

- Consumes: multipart/form-data
 
| Name | Service | Uber | Type | Data type | Description | 
| lookup_file |   |   | formData | string | Location of the file object to be uploaded. | 
| repository |   |   | path | string | Name of the repository. | 
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# lookup_file is the location of the file to upload; repository names the
# target repository.
upload_arguments = {"lookup_file": "string", "repository": "string"}
response = falcon.upload_file(**upload_arguments)
print(response)
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Same upload as the PEP8 method, called through the Operation ID name.
upload_arguments = {"lookup_file": "string", "repository": "string"}
response = falcon.UploadLookupV1(**upload_arguments)
print(response)
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Path of the lookup file on local disk. It is opened in binary mode and the
# open handle is handed to the Uber class under the "file" key.
lookup_file = "string"
with open(lookup_file, "rb") as upload_file:
    response = falcon.command("UploadLookupV1",
                              repository="string",
                              files={"file": upload_file}
                              )
print(response)
Download lookup file from NGSIEM.
get_file
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/files/{filename} | 

- Produces: application/octet-stream
 
| Name | Service | Uber | Type | Data type | Description | 
| filename |   |   | path | string | Name of the lookup file. | 
| repository |   |   | path | string | Name of the repository. | 
| stream |   |   | query | boolean | Enable streaming download of the returned file. | 
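from falconpy import NGSIEM
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.get_file(repository="string", filename="string", stream=boolean)
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)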
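from falconpy import NGSIEM
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.GetLookupV1(repository="string", filename="string", stream=boolean)
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)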
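from falconpy import APIHarnessV2
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.command("GetLookupV1", repository="string", filename="string", stream=boolean)
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)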
Download lookup file in namespaced package from NGSIEM.
get_file_from_package_with_namespace
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/files/{namespace}/{package}/{filename} | 

- Produces: application/octet-stream
 
| Name | Service | Uber | Type | Data type | Description | 
| filename |   |   | path | string | Name of the lookup file. | 
| namespace |   |   | path | string | Name of the namespace. | 
| package |   |   | path | string | Name of the package. | 
| repository |   |   | path | string | Name of the repository. | 
| stream |   |   | query | boolean | Enable streaming download of the returned file. | 
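from falconpy import NGSIEM
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.get_file_from_package_with_namespace(repository="string",
                                                       namespace="string",
                                                       package="string",
                                                       filename="string",
                                                       stream=boolean
                                                       )
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)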
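from falconpy import NGSIEM
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.GetLookupFromPackageWithNamespaceV1(repository="string",
                                                      namespace="string",
                                                      package="string",
                                                      filename="string",
                                                      stream=boolean
                                                      )
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)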
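from falconpy import APIHarnessV2
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.command("GetLookupFromPackageWithNamespaceV1",
                          repository="string",
                          namespace="string",
                          package="string",
                          filename="string",
                          stream=boolean
                          )
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)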
Download lookup file in package from NGSIEM.
get_file_from_package
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/files/{package}/{filename} | 

- Produces: application/octet-stream
 
| Name | Service | Uber | Type | Data type | Description | 
| filename |   |   | path | string | Name of the lookup file. | 
| package |   |   | path | string | Name of the package. | 
| repository |   |   | path | string | Name of the repository. | 
| stream |   |   | query | boolean | Enable streaming download of the returned file. | 
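from falconpy import NGSIEM
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.get_file_from_package(repository="string",
                                        package="string",
                                        filename="string",
                                        stream=boolean
                                        )
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)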
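from falconpy import NGSIEM
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET
                )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.GetLookupFromPackageV1(repository="string",
                                         package="string",
                                         filename="string",
                                         stream=boolean
                                         )
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)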
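from falconpy import APIHarnessV2
# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
# Call the API before opening the local file: "wb" mode truncates an existing
# file, so a failed download must not get that far.
response = falcon.command("GetLookupFromPackageV1",
                          repository="string",
                          package="string",
                          filename="string",
                          stream=boolean
                          )
if isinstance(response, bytes):
    # Raw bytes are the lookup file content.
    with open("some_file.ext", "wb") as save_file:
        save_file.write(response)
else:
    # NOTE(review): a non-bytes result is presumably the SDK's error
    # dictionary (confirm for your version); write() would raise TypeError
    # on it, so report it instead of saving it.
    print(response)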
Initiate a NGSIEM search.
start_search
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/queryjobs | 

- Consumes: application/json
 
- Produces: application/json
 
| Name | Service | Uber | Type | Data type | Description | 
| allow_event_skipping |   |   | body | boolean | Flag indicating if event skipping is allowed. | 
| arguments |   |   | body | dictionary | Search arguments in JSON format. | 
| around |   |   | body | dictionary | Search proximity arguments. | 
| autobucket_count |   |   | body | integer | Number of events per bucket. | 
| body |   |   | body | dictionary | Full body payload provided as a dictionary. | 
| end |   |   | body | string | Last event limit. | 
| ingest_end |   |   | body | integer | Ingest maximum. | 
| ingest_start |   |   | body | integer | Ingest start. | 
| is_live |   |   | body | boolean | Flag indicating if this is a live search. | 
| query_string |   |   | body | string | Search query string. | 
| repository |   |   | path | string | Name of the repository. | 
| search |   |   | body | dictionary | Search query to perform. Can be used in place of other keywords. | 
| start |   |   | body | string | Search starting time range. | 
| timezone |   |   | body | string | Timezone applied to the search. | 
| timezone_offset_minutes |   |   | body | integer | Timezone offset. | 
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Keyword arguments for a non-live search: repository to query, start of the
# time range, and the query string itself.
search_arguments = {
    "repository": "string",
    "is_live": False,
    "start": "1d",
    "query_string": "#event_simpleName=*",
}
response = falcon.start_search(**search_arguments)
print(response)
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Same search as the PEP8 method, called through the Operation ID name.
search_arguments = {
    "repository": "string",
    "is_live": False,
    "start": "1d",
    "query_string": "#event_simpleName=*",
}
response = falcon.StartSearchV1(**search_arguments)
print(response)
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# With the Uber class the search is sent as a full body payload, so the keys
# are spelled as in the payload (isLive, queryString), not as the Service
# class keywords.
response = falcon.command("StartSearchV1",
                          repository="string",
                          body={
                              "isLive": False,
                              "start": "1d",
                              "queryString": "#event_simpleName=*",
                          }
                          )
print(response)
Get status of a NGSIEM search.
get_search_status
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/queryjobs/{id} | 

- Consumes: application/json
 
- Produces: application/json
 
| Name | Service | Uber | Type | Data type | Description | 
| repository |   |   | path | string | Name of the repository. | 
| search_id |   |   | path | string | ID of the query. | 
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# search_id is the ID of the query whose status is requested.
status_arguments = {"repository": "string", "search_id": "string"}
response = falcon.get_search_status(**status_arguments)
print(response)
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Same status lookup as the PEP8 method, called through the Operation ID name.
status_arguments = {"repository": "string", "search_id": "string"}
response = falcon.GetSearchStatusV1(**status_arguments)
print(response)
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# The Uber class takes the Operation ID as its first argument; the remaining
# keywords identify the repository and the query to check.
status_arguments = {"repository": "string", "search_id": "string"}
response = falcon.command("GetSearchStatusV1", **status_arguments)
print(response)
Stop a NGSIEM search.
stop_search
| Method | Route | 
  | /humio/api/v1/repositories/{repository}/queryjobs/{id} | 

- Consumes: application/json
 
| Name | Service | Uber | Type | Data type | Description | 
| repository |   |   | path | string | Name of the repository. | 
| id |   |   | path | string | ID of the query. | 
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# id is the ID of the query to stop.
stop_arguments = {"repository": "string", "id": "string"}
response = falcon.stop_search(**stop_arguments)
print(response)
from falconpy import NGSIEM

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Same stop request as the PEP8 method, called through the Operation ID name.
stop_arguments = {"repository": "string", "id": "string"}
response = falcon.StopSearchV1(**stop_arguments)
print(response)
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
# CLIENT_ID and CLIENT_SECRET must be defined before this point; supply them
# at runtime (environment, secrets manager) rather than as literals in the file.
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# The Uber class takes the Operation ID as its first argument; the remaining
# keywords identify the repository and the query to stop.
stop_arguments = {"repository": "string", "id": "string"}
response = falcon.command("StopSearchV1", **stop_arguments)
print(response)