| Object type: Filter object | ||
|---|---|---|
| Information about the filter | ||
| Field | Required | Description |
| builderData | false | This is a nested JSON object that is used to display the filter in Structured or Free-Form in Web UI. |
| description | false | This is the description of the filter |
| isFreeform | false | Boolean flag specifying whether this filter query is in Structured or Free-Form in Web UI. If this field is not present, it defaults to false - i.e., the filter query can be represented in structured form. If false, then the builderData field will also contain information. |
| name | true | Name of the filter. NOTE: The filter name must be unique. If it is not unique, the create filter call will fail. |
| sharedRoleIds | false | This is a JSON array object containing the list of UUIDs of Roles that have access to this filter. This field is applicable only when the shareType field has value SELECTED_ROLES |
| shareType | false | Specify the access for the filter. It can have one of the following four values : NONE, EVERYONE, SAME_ROLE, SELECTED_ROLES. Only Administrators can use 'SELECTED_ROLES' option. EVERYONE and SAME_ROLE option can be used only if the user's role has share search filter permission. |
| value | true | The Apache Lucene query forming the filter |
| Object type: Filter object | |
|---|---|
| Information about the filter | |
| Field | Description |
| builderData | This is a nested JSON object that is used to display the filter in Structured or Free-Form in Web UI. |
| description | This is the description of the filter |
| id | This is the UUID of the filter. |
| isFreeform | Boolean flag specifying whether this filter query is in Structured or Free-Form in Web UI. If this field is not present, it defaults to false - i.e., the filter query can be represented in structured form. If false, then the builderData field will also contain information. |
| name | Name of the filter. NOTE: The filter name must be unique. If it is not unique, the create filter call will fail. |
| sharedRoleIds | This is a JSON array object containing the list of UUIDs of Roles that have access to this filter. This field is applicable only when the shareType field has value SELECTED_ROLES |
| shareType | Specify the access for the filter. It can have one of the following four values : NONE, EVERYONE, SAME_ROLE, SELECTED_ROLES. Only Administrators can use 'SELECTED_ROLES' option. EVERYONE and SAME_ROLE option can be used only if the user's role has share search filter permission. |
| value | The Apache Lucene query forming the filter |
PUT /filters/4E2923C0-C4D4-102E-9DDB-00163EE8ED6B
{ "id":"4E2923C0-C4D4-102E-9DDB-00163EE8ED6B", "name":"My Updated Filter", "description":"Events having severity between and inclusive of 0 and 3.", "value":"(sev:[0 TO 3])", "isFreeform":"false", "ownerId":"0", "shareType":"NONE", "builderData":"[{"fieldName":"rv145"},{"fieldName":"_data"},{"fieldName":"taxonomy"},{"fieldName":"sev", "valueFrom":"0", "valueTo":"3", "isRange":"true", "value":"0"},{"fieldName":"booleanCondition", "booleanCondition":"and"},{"fieldName":"excludeSysEvents", "excludeSysEvents":false}]", }