Filters - Create Filter

URI

https://164.99.19.131:8443/SentinelRESTServices/filters

Supported Methods

POST

This creates a new lucene filter.

Authentication

Authentication Types
Sentinel Permissions Needed

URL Parameters

None.

Success Codes

Fault Codes

Request Data

Object type: Filter object
Information about the filter
FieldRequiredDescription
builderDatafalseThis is a nested JSON object containing information used to display the filter in Structured or Free-Form in Web UI.
descriptionfalseThis is the description of the filter
isFreeformfalseBoolean flag specifying whether this filter query is in Structured or Free-Form in Web UI. If this field is not present, it defaults to false - i.e., the filter query can be represented in structured form. If false, then the builderData field will also contain information.
nametrueName of the filter. NOTE: The filter name must be unique. If it is not unique, the create filter call will fail.
sharedRoleIdsfalseThis is a JSON array object containing the list of UUIDs of Roles that have access to this filter. This field is applicable only when the shareType field has value SELECTED_ROLES
shareTypefalseSpecify the access for the filter. It can have one of the following four values : NONE, EVERYONE, SAME_ROLE, SELECTED_ROLES. Only Administrators can use 'SELECTED_ROLES' option. EVERYONE and SAME_ROLE option can be used only if the user's role has share search filter permission.
valuetrueThe Apache Lucene query forming the filter

Response Data

Object type: Filter object
Information about the newly created filter
FieldDescription
builderDataThis is a nested JSON object that is used to display the filter in Structured or Free-Form in Web UI.
descriptionThis is the description of the filter
idThis is the UUID of the newly created filter.
isFreeformBoolean flag specifying whether this filter query is in Structured or Free-Form in Web UI. If this field is not present, it defaults to false - i.e., the filter query can be represented in structured form. If false, then the builderData field will also contain information.
nameName of the filter. NOTE: The filter name must be unique. If it is not unique, the create filter call will fail.
sharedRoleIdsThis is a JSON array object containing the list of UUIDs of Roles that have access to this filter. This field is applicable only when the shareType field has value SELECTED_ROLES
shareTypeSpecify the access for the filter. It can have one of the following four values : NONE, EVERYONE, SAME_ROLE, SELECTED_ROLES. Only Administrators can use 'SELECTED_ROLES' option. EVERYONE and SAME_ROLE option can be used only if the user's role has share search filter permission.
valueThe Apache Lucene query forming the filter

Sample Request

POST /filters
Sample Response for application/json
Status: 200
{
   "id":"4E2923C0-C4D4-102E-9DDB-00163EE8ED6B",
   "name":"My Filter",
   "description":"Events having severity between and inclusive of 0 and 3.",
   "value":"(sev:[0 TO 3])",
   "isFreeform":"false",
   "ownerId":"0",
   "shareType":"NONE",
   "builderData":"[{"fieldName":"rv145"},{"fieldName":"_data"},{"fieldName":"taxonomy"},{"fieldName":"sev", "valueFrom":"0", "valueTo":"3", "isRange":"true", "value":"0"},{"fieldName":"booleanCondition", "booleanCondition":"and"},{"fieldName":"excludeSysEvents", "excludeSysEvents":false}]",
}