Skip to main content

Spider API (2.0.0)

Download OpenAPI specification:Download


Description

Spider API allows you to:

  • search and browse the ressources created while parsing the networks communications
  • upload new communications (import)
  • configure your system (teams, users, whisperers)
  • and even write a new client to send packets and Tcp sessions

You may search through Packets, Tcp Sessions and Http Communications, download them, analyse them with ElasticSearch power, rebuild the content...

These are the services behind the GUI. In fact, all Spider processing is done using these APIs.


How to start?

  1. Start by authenticating with POST /customer/v1/sessions to get your JWT token to use in all further calls.
  2. In Swagger UI, click 'Authorize' button to register your token.
  3. Then use any customers authorized API. Ex:
    • POST /web-read/v1/http-com/_search to search for HTTP communications
    • GET /web-read/v1/http-com/{id}/res/body/ to get the response body of a communication
  4. When using a team, you may have to get the team token to access its whisperers
    • GET /teams/v1/teams/{id}/user-token/

Common

Common API for all services.

Get micro service info

Description

Give basic info, can be used for healthcheck of service

Access

  • No identification
path Parameters
service
required
string (ServiceNames)
Enum: "alert" "capture-status-poller" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "web-write-warnings" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg"

Service name

Responses

Response samples

Content type
text/plain
Spider Customer

Get Api stats

Description

Give metrics informations for HTTP Api of this service

Access

  • Admin
  • Application
  • Customer
Authorizations:
Bearer
path Parameters
service
required
string (ServiceNames)
Enum: "alert" "capture-status-poller" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "web-write-warnings" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg"

Micro service name

Responses

Response samples

Content type
application/json
{
  • "application": "tcp-streams-update",
  • "hostname": "traballand-Latitude-E7240",
  • "instanceId": "c1033254c68f",
  • "requests": 886,
  • "successes": 886,
  • "errors": 0,
  • "errors4xx": 0,
  • "errors5xx": 0,
  • "duration": 2311,
  • "api": {
    }
}

Get circuit breakers stats

Description

Give circuit breakers informations for downstream connections of this service

Access

  • Admin
  • Application
  • Customer
Authorizations:
Bearer
path Parameters
service
required
string (ServiceNames)
Enum: "alert" "capture-status-poller" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "web-write-warnings" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg"

Micro service name

Responses

Response samples

Content type
application/json
{
  • "application": "tcp-streams-write",
  • "hostname": "spider4",
  • "instanceId": "9300ef2cec06",
  • "circuitBreakers": {
    }
}

Get process stats

Description

Give process metrics for this service

Access

  • Admin
  • Application
  • Customer
Authorizations:
Bearer
path Parameters
service
required
string (ServiceNames)
Enum: "alert" "capture-status-poller" "customer" "gui-logs" "gui-settings" "hosts" "hosts-agg" "hosts-poller" "job" "link" "mail-sender" "maintenance" "pack-poller" "pack-read" "pack-write" "pack-update" "parsing-status-tcpsession-poller" "parsing-status-httppers-poller" "plugins" "session" "stats-collector" "status-poller" "tcp-poller" "tcp-read" "tcp-write" "tcp-update" "teams" "web-httpcom-poller" "web-httpcom-content-poller" "web-httppers-poller" "web-read" "web-upload" "web-write" "web-write-warnings" "whisp" "whisp-status-poller" "whisps-status" "whisps-status-agg"

Micro service name

Responses

Response samples

Content type
application/json
{
  • "application": "tcp-streams-write",
  • "hostname": "spider7",
  • "instanceId": "dd8ff8ac5565",
  • "startTime": "2019-01-16T21:56:26.109Z",
  • "upTime": 1209512.309,
  • "cpu": {
    },
  • "memory": {
    }
}

Get parsing stats

Description

Give metrics informations for parsing

Access

  • Admin
  • Application
  • Customer
Authorizations:
Bearer
path Parameters
parser
required
string (ParserNames)
Enum: "web-write" "web-write-warnings"

Micro service name

Responses

Response samples

Content type
application/json
{
  • "application": "web-streams-write",
  • "hostname": "spider4",
  • "instanceId": "cce9207215ae",
  • "parsed": 13259,
  • "created": 5005,
  • "errors": 0,
  • "completed": 856,
  • "duration": 131623.869581,
  • "started": 856,
  • "delay": 8747139,
  • "durationPercentiles": {
    },
  • "delayPercentiles": {
    }
}

Alert

Alert service.

Get metrics

Description

Give metrics information collected by alerting probes in Prometheus format.

Access

  • Free

Responses

Get health

Description

Give summary of probes status

Access

  • Free
  • Exposed

Responses

Response samples

Content type
applications/json
{
  • "license": {
    },
  • "probes": {
    }
}

Controllers

Controllers are able to spawn Whisperers in a remote cluster.

Create a new Controller

Description

Create a new controller, and associate it to the owner customer.

Access

  • Customer, with controllers creation rights
  • Admin
Authorizations:
Bearer
Request Body schema: application/json
required

Controller creation request

customer
required
string

System Id of the customer.

name
required
string

Name of the controller to create.

Responses

Request samples

Content type
application/json
{
  • "customer": "YOD66VZ54Jih",
  • "name": "Upload"
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Search for Controllers

Description

Search for controllers

Rules

If client is not admin, the search will be limited to the Controllers owned by this customer or shared with him, directly or by the team.

Access

  • Admin
  • Customer
Authorizations:
Bearer
Request Body schema: application/json
required

Search parameters

query
string

Free query, using Elasticsearch query string DSL.

aggs
object

Aggregation request, using Elasticsearch aggregation DSL.

Array of objects

Sorting option. Sorting by @id is automaticaly added.

next
Array of strings

Aggregation request, using Elasticsearch aggregation DSL.

size
required
integer

Page size.

avoidTotalHits
boolean

Tells if response should include total hits count.

includeETags
boolean

Tells if response should include _eTags fields for update.

Responses

Request samples

Content type
application/json
{
  • "query": "string",
  • "aggs": { },
  • "sort": [
    ],
  • "next": [
    ],
  • "size": 0,
  • "avoidTotalHits": true,
  • "includeETags": true
}

Response samples

Content type
application/json
{
  • "total": 0,
  • "items": [
    ],
  • "aggs": { },
  • "nextPage": {
    },
  • "asyncResults": {
    }
}

Get a Controller

Description

Get a controller's details.

Access

  • Customer owning the controller
  • The own controller
  • Client being shared access to this controller
  • Client of the team owning the controller with controllers right
  • Customer application
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Internal id of Controller

Responses

Response samples

Content type
application/json
{
  • "@id": "string",
  • "@type": "Controller",
  • "version": "string",
  • "name": "string",
  • "customer": "string",
  • "apikey": "string",
  • "config": {
    },
  • "users": [
    ],
  • "teams": [
    ],
  • "status": {
    },
  • "creator": "string",
  • "dateCreated": "2019-08-24",
  • "editor": "string",
  • "dateModified": "2019-08-24"
}

Change controller's name or shared users

Description

Updates a customer. You can:

  • Update controller's name
  • Change sharing settings: teams, users and users rights on this controller

Rules

  • Can do any change:
    • Admin
    • Client owning the controller
  • Client being shared access to this controller with share rights can:
    • Add or remove users from the sharing settings
  • Client being shared access to this controller with rights change rights can:
    • Change rights of users in the sharing settings

Access

  • Customer owning the controller
  • Client of a team having shared access to the controller
  • Client being shared access to this controller with config, share or rights modification rights
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Internal id of Controller

header Parameters
If-Match
required
string

eTag of previous state of the controller

Request Body schema: application/json-patch+json
required

Json patch with the changes

Array
op
required
string
Enum: "test" "remove" "add" "replace" "move" "copy"
path
required
string
value
string
from
string

Responses

Request samples

Content type
application/json-patch+json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Delete a Controller

Description

Delete a controller.

  • Put it to technicalStatus DELETED.

Access

  • Customer owning the controller
  • Client being shared access to this controller and with delete right
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Internal id of Controller

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Create/Replace the controller API key

Description

Create/Replace the controller API key used for controller connection to Spider.

The API key is a public/private key pair.

  • The public key is stored in controller's settings.
  • The private key is sent in response to this call.

Any call to this API (if authorized) will overwrite the previous API key, and the controller will not be able to use the previous one. A connected controller will be disconnected when its current JWT token will expire. The API key is taken as a configuration AT START of controllers, and need a restart to be changed.

Output

The API can supports two outputs:

  • application/json:
    • Provides a file with the private key, Spider's URL, and the controller's id This file is the only expected configuration file at controller start.
  • application/x-pem-file
    • Provides only the private key as a PEM file

Access

  • Customer owning the controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

Responses

Response samples

Content type
{}

Generate an API key signature with the private key of the controller

Description

This endpoint is for testing purposes only:

  • It allows testing the API key or the controllers API without a controller
  • It generates a valid signature for the controller to call the configuration endpoint
  • However, IT REQUIRES YOUR PRIVATE KEY IN INPUT
  • After testing, please, reset your API key

Output

  • The signature for this controller, timestamp and private API key
  • A validation of this signature with the controller registered public API key

Access

  • Customer owning the controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

query Parameters
timeStamp
required
string <date-time>

Timestamp to use in signature

instanceId
required
string

InstanceId to use in signature

Request Body schema: application/x-pem-file
string

The controller RSA private key, as a PEM

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get Controller configuration

Description

Get the configuration of this Controller Usages:

  • Called by controller at start (or before token expiration) with their API key
  • Called by controllers regularly to check for configuration change
  • Called by UI to get configuration

API key

The first call from controllers is made by:

  • building a json payload with current time and controller id,
  • then signing it with SHA256 algorithm using controller's private key
const timeStamp = moment().toISOString();
const info = {
    timeStamp,
    controllerId
};
const privKey = new NodeRSA(privatePem);
const signature = privKey.sign(Buffer.from(JSON.stringify(info)), 'base64');
  • and then calling this API with specific headers:
  Spider-TimeStamp: timeStamp
  Spider-Signature: signature //base 64 encoded

Output

  • The configuration
  • A JWT token to use on further calls in Spider-Token header
    • If no token provided, or if called from a Customer
    • A Customer may call to get the configuration of one of its controllers and use the generated token to upload data (as on the UI)

Access

  • The own controller
  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

header Parameters
Spider-Signature
string <base64>

Signature of the call by the Controller, with its API key

Spider-Timestamp
string <date-time>

Provided with API key in first Controller call to get its JWT token with the config

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get namespaces of the cluster where the Controller is

Description

Get the list of namespaces names from the cluster.

Output

  • An array of string

Returns 404 if the controller is not connected.

Access

  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

Responses

Response samples

Content type
application/json
[
  • "string"
]

Get list of objects of the requested namespace and collection from the cluster

Description

Get the list of objects from the cluster.

Output

  • An array of items

Returns 404 if the controller is not connected.

Access

  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

namespace
required
string

Name of the namespace we want the object from

collection
required
string
Enum: "pods" "statefulsets" "deployments" "cronjobs"

Collection we are interested in

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Create a new attachment

Description

Create a new attachment, asking, by it, to spawn a Whisperer to each linked Pod

  • The attachment is first saved in DB, and it will be fetched by the Controller next time with its configuration.
  • Then, an attachment request is sent to the Controller for an immediate attachment (if Controller is connected)

Access

  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

Request Body schema: application/json
required

Attachment creation request

whisperer
required
string

Whisperer Id to attach.

namespace
required
string

Namespace where the workload is.

collection
required
string
Enum: "pods" "statefulsets" "daemonsets" "deployments" "cronjobs"

Collection of the workload.

item
required
string

Name of the workload.

agent
string
Enum: "whisperer" "gossiper"

Agent to attach.

Responses

Request samples

Content type
application/json
{
  • "whisperer": "string",
  • "namespace": "string",
  • "collection": "pods",
  • "item": "string",
  • "agent": "whisperer"
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Detach the attachment

Description

Ask for the attachment to be terminated.

The Whisperers connected to the worload linked to this attachment will terminate the next time they check their status.

Access

  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

attachment
required
string

System id of the Attachment

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get the Whisperers managed by this Controller

Description

Returns the list of Whisperers that the Controller knows and manages.

Access

  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of Controller

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get the Attachments associated to this Whisperer, from all know attachments

Description

Returns the list of Attachments linked to a Whisperer.

The service will calls all referenced and connected Controllers to get the status of the Whisperers.

Access

  • Customer owning the controller
  • Client being shared access to this controller
  • Client of the team being shared access to this controller
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

System id of a Whisperer

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Customers

Users accounts.

Connect a customer

Description

Connects a customer and returns a JWT token

Rules

  • After many unsuccessful attempts, the email will be blocked for some time.

Access

  • No identification required
Request Body schema: application/json
required

The email/password for connection

email
required
string

Email

password
required
string <password>

Password

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "password": "pa$$word"
}

Response samples

Content type
application/json
{
  • "customer": "string",
  • "token": "string"
}

Connect a customer using OIDC code flow

Description

Connects a customer using OIDC and returns a JWT token.
Takes in input the code provided by the Identity Provider and the name of the IP, as set in configuration.

Access

  • No identification required
Request Body schema: application/json
required

The code and IP to get the tokens from

code
required
string

Code received from the authorization_endpoint

provider
string

Identity provider name set in configuration

Responses

Request samples

Content type
application/json
{
  • "code": "string",
  • "provider": "string"
}

Response samples

Content type
application/json
{
  • "customer": "string",
  • "token": "string"
}

Create a new customer

Description

Create a new customer.

Rules

  • If a customer with same email already exists, creation is cancelled.
  • Depending on system settings, a self created customer (no token) will be:
    • Created as Draft but checked for all fields when admin activation is required
    • Created as Active when no activation is required

Draft customer

All fields are optional at start, but checked for correctness.

  • It then creates a DRAFT resource.
  • To update it to ACTIVE
    • Some fields are required.
    • Use PATCH.

Active customer

To create an ACTIVE customer, all mandatory fields must be set. Status must be set as ACTIVE.

Access

Either:

  • Self creation and no identification is required
  • Creation by someone else:
    • An admin user or user with users creation rights
    • Only a user with rights modification rights can create a user with rights
    • Only an admin can create an admin
  • Creation by a userTrainer, with trainee rights set.
Authorizations:
Bearer
Request Body schema: application/json
required

The customers details

email
required
string

Customer's email.

_password
required
string >= 6 characters

Customer's password.

_admin
boolean

True if user is an administrator.

required
object
birthDate
string <date>

Date of birth.

honorificPrefix
string

An honorific prefix preceding a name such as Dr/Mrs/Mr.

givenName
required
string

The given name, the first name.

familyName
required
string

The family name, the last name.

nationality
required
string

Nationality.

jobTitle
string

The job title (for example, Financial Manager).

worksFor
string

Organizations'name that the person works for.

Responses

Request samples

Content type
application/json
{
  • "email": "example@gmail.com",
  • "_password": "YGIUHIdzzf!/85F",
  • "_admin": true,
  • "givenName": "John",
  • "familyName": "Doe",
  • "nationality": "American",
  • "address": {
    },
  • "technicalStatus": "DRAFT"
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Search for Customers

Description

Search for customers.

Also available by GET method on the collection

Access

  • Admin
  • User with user management rights
  • userTrainer (but may only search on HIS trainees)
Authorizations:
Bearer
Request Body schema: application/json
required

Search parameters

query
string

Free query, using Elasticsearch query string DSL.

aggs
object

Aggregation request, using Elasticsearch aggregation DSL.

Array of objects

Sorting option. Sorting by @id is automaticaly added.

next
Array of strings

Aggregation request, using Elasticsearch aggregation DSL.

size
required
integer

Page size.

avoidTotalHits
boolean

Tells if response should include total hits count.

includeETags
boolean

Tells if response should include _eTags fields for update.

Responses

Request samples

Content type
application/json
{
  • "query": "string",
  • "aggs": { },
  • "sort": [
    ],
  • "next": [
    ],
  • "size": 0,
  • "avoidTotalHits": true,
  • "includeETags": true
}

Response samples

Content type
application/json
{
  • "total": 0,
  • "items": [
    ],
  • "aggs": { },
  • "nextPage": {
    },
  • "asyncResults": {
    }
}

Get a customer's details

Description

Get a customer's details.

  • _password field is always stripped out.
  • Deleted customers are only visible by admins.
  • Depending on access rights, returns diverse representations.

Clients getting full details

  • The own client
  • Admins
  • Clients with users administration rights

Response is:

  • Full content
  • Minus _* fields (password, admin...)

Clients getting system details

  • Whisp application (to update linked whisperers)

Response is limited to:

  • @id
  • email
  • rights
  • whisperers

Clients getting shortened info

  • Any other client

Response is limited to:

  • @id
  • email

Access

  • Customer, expect when using public links
  • Admin
  • User with users management right
  • User impersonating the user to open
  • User with userTrainer rights opening one of its trainee
  • Whisp application (to update linked whisperers)
Authorizations:
Bearer
path Parameters
id
required
string

Customer internal @id

Responses

Response samples

Content type
application/json
{
  • "@id": "Jz6lxOiuQYaIZNNouiyt6w",
  • "@type": "Person",
  • "version": "0.1",
  • "technicalStatus": "ACTIVE",
  • "creator": "AWUb00luIXCLtCIFlzoO",
  • "dateCreated": "2018-12-21T10:00:00.837Z",
  • "editor": "Jz6lxOiuQYaIZNNouiyt6w",
  • "dateModified": "2018-12-21T16:15:18.978Z",
  • "givenName": "John",
  • "familyName": "Doe",
  • "nationality": "American",
  • "email": "example@gmail.com",
  • "address": {
    },
  • "rights": {
    },
  • "whisperers": [
    ],
  • "_eTag": "\"d7-+6EM6pRmKNKDSTtAgeIK5g\""
}

Update customer's details

Description

Updates a customer. You can:

  • Update customer details
  • Change password
  • Set new rights (and admin flag)
  • Change Whisperer names (for synchro)
  • Change its state from DRAFT to ACTIVE

Rules

  • Patch must be done with resource previous eTag

    • eTag must be given in ifMatch header (* not authorized)
    • eTag must match current eTag
  • Technical fields are protected (@id, creator, dateCreated, @type)

  • For a customer to change its password or email, patch operations must include previous password value inside a test operation

    • { "op":"test", "path":"_password", "value":"xxx" }
  • When customer changes email:

    • If a customer with same email already exists, operation is cancelled.
    • A confirmation email challenge is sent. The account is blocked at connection until the mail is confirmed.
    • A mail is sent to old email
  • When customer changes password:

    • A confirmation mail is sent
  • When a customer changes from Draft to Active

    • A information mail is sent
  • Customer cannot change its own Whisperers list

  • Admins can:

    • Update a customer's details ONLY when DRAFT
      • Also clients with creation right
    • Update rights
      • Also clients with rights admin right
    • Reinit password without providing old one
      • Also clients with password admin right
    • Set a customer as admin
    • Change a DELETED user back to ACTIVE
  • Customer details, once in ACTIVE state, can only be modified by own customer

  • Whisp & Maintenance services can:

    • Update associated whisperers
  • _password and _admin field cannot be removed, copied or moved

  • email field cannot be removed or moved

Access

  • Admin
  • Own customer
  • Whisp service (to update linked whisperers)
  • Client with rights administration right
  • Client with user creation right
  • Client with password change/reinit right
Authorizations:
Bearer
path Parameters
id
required
string

Customer internal @id

header Parameters
If-Match
required
string

eTag of previous state of the customer

Request Body schema: application/json-patch+json
required

Json patch with the changes

Array
op
required
string
Enum: "test" "remove" "add" "replace" "move" "copy"
path
required
string
value
string
from
string

Responses

Request samples

Content type
application/json-patch+json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Delete a customer

Description

Set a customer to DELETED status. When the customer has one to many own Whisperers of UPLOAD type, they are also deleted.

Access

  • Admin
  • Clients with delete customer right
  • User with userTrainer right deleting on of its trainee account
Authorizations:
Bearer
path Parameters
id
required
string

Customer internal @id

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get a customer info by its email

Description

Same as GET /customer/v1/customers/{id}

Authorizations:
Bearer
path Parameters
email
required
string

Customer email

Responses

Response samples

Content type
application/json
{
  • "@id": "Jz6lxOiuQYaIZNNouiyt6w",
  • "@type": "Person",
  • "version": "0.1",
  • "technicalStatus": "ACTIVE",
  • "creator": "AWUb00luIXCLtCIFlzoO",
  • "dateCreated": "2018-12-21T10:00:00.837Z",
  • "editor": "Jz6lxOiuQYaIZNNouiyt6w",
  • "dateModified": "2018-12-21T16:15:18.978Z",
  • "givenName": "John",
  • "familyName": "Doe",
  • "nationality": "American",
  • "email": "example@gmail.com",
  • "address": {
    },
  • "rights": {
    },
  • "whisperers": [
    ],
  • "_eTag": "\"d7-+6EM6pRmKNKDSTtAgeIK5g\""
}

Get user token to impersonate this customer

Description

Generates a token for a user to be able to use another user whisperers and rights.

Rules

  • Customer must not be deleted
  • Only an administrator may impersonate another administrator

Output

  • Generate a new token with
    • The requested customer id in impersonated field.
    • The customer's whisperers
    • The customers rights (if useUserRights is 'true')
  • The token can be used to call any API
  • The services will behave as if the customer was calling, except that all traces and audit fields will be valued with the original caller's id.

Access

  • Customer with impersonate right
  • Customer with userTrainer right impersonating one of its trainee
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Customer internal @id

query Parameters
useUserRights
boolean

Ask to use user's right in the token. Keep caller's right if false.

Responses

Response samples

Content type
application/json
{
  • "token": "string"
}

Create a password challenge

Description

Create a password challenge to reinitialize a password. A token is created and sent by mail with a redirection link to the user. The redirection link:

  • launches an UI presenting a form to enter a new password
  • contains a unique token, valid once and a limited time

Rules

  • Account with this email must exist and not be deleted

Access

  • No identification required
Request Body schema: application/json
required

The email of the account

email
required
string

Email

redirectUrl
required
string

Base Url to construct the redirection link. Expected: Login UI endpoint.

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "redirectUrl": "string"
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Set a password after a password challenge

Description

Set a new password to a user with:

  • The challenge token
  • The user email
  • The password (plain)

An email is sent to the user to inform him of password change. Connections error count is reset ;)

Rules

  • Account with this email must exist and not be deleted
  • Token must still exists (not used, not too old)
  • Token must be associated to right email and user

Access

  • No identification required
Request Body schema: application/json
required

The new password of the account

email
required
string

Email

token
required
string

Token sent in challenge

password
required
string

Password choosen by the user

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "token": "string",
  • "password": "string"
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Confirm user email

Description

Used in mails sent to users to confirm their email addresses. This is why it is a GET, not a POST.

Rules

  • User must exist and not be deleted
  • The account confirmation token must exist
  • The token is linked to the right email and account
  • If user is in Draft status, an email is sent to admins for account activation
  • Confirmation page is shown

Access

  • No identification required
Authorizations:
Bearer
query Parameters
email
required
string

Email

token
required
string

Mail confirmation token

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Teams

Teams of users.

Create a new Team

Description

Creates a new team and add the owner as the first full rights customer.

Rules

  • A team with the same name must not exist

Access

  • Customer with team create right
  • Customer with userTrainer right creating a training team
  • Admin
Authorizations:
Bearer
Request Body schema: application/json
required

The team to create

name
required
string

Team's name.

description
string

Team's description.

required
object

Owner of the team.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "owner": {
    }
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get a team's details

Description

Get a team's details.

  • Depending on access rights, returns diverse representations.

Clients getting full details

  • Admins
  • Customers from the team
  • Customers using this team

Response is:

  • Full content

Clients getting system details

  • Whisp application (to update linked whisperers)

Response is limited to:

  • @id
  • name
  • whisperers

Clients getting shortened info

  • Any other client

Response is limited to:

  • @id
  • name

Access

  • Customer
  • Admin
  • Whisp application (to update linked whisperers)
Authorizations:
Bearer
path Parameters
id
required
string

Team internal @id

Responses

Response samples

Content type
application/json
{
  • "@id": "AnaRheQISOmLu8bKiQv11w",
  • "@type": "Team",
  • "version": "0.1",
  • "name": "First team",
  • "description": "Short team description.",
  • "dateCreated": "2021-03-07T14:43:35.152Z",
  • "creator": "hfQ1rsfcRKWslHwWAPJ9bg",
  • "customers": [
    ],
  • "whisperers": [
    ],
  • "settings": {
    },
  • "technicalStatus": "ACTIVE",
  • "dateModified": "2021-03-18T22:15:39.345Z",
  • "token": "7p8i66dCQsynmFNULKdnjA",
  • "editor": "hfQ1rsfcRKWslHwWAPJ9bg"
}

Update team's details

Description

Updates a team. You can:

  • Update team's details
  • Add/remove customers
  • Set new customers rights
  • Add/remove whisperer names (for synchro)
  • Change team's settings

Rules

  • Patch must be done with resource previous eTag

    • eTag must be given in ifMatch header (* not authorized)
    • eTag must match current eTag
  • Patch cannot be done on DELETED team

  • Technical fields are protected (@id, creator, dateCreated, @type)

  • Customers with share right can update customers list and access filters

  • Customers with settings right can update team settings

  • Customers with update right can update name, description

  • Whisp and Maintenance services can:

    • Update associated whisperers
  • Token cannot be changed with patch

  • A mail is sent to team administrators with changes made

  • After update,

    • Whisperers list for customers and access filters are cleaned from any removed whisperer from the team
    • Users list for access filters are cleaned from any removed user from the team

Access

  • Admin
  • Whisp service (to update linked whisperers)
  • Client with rights on team: share, whisperers, settings, update, rights
Authorizations:
Bearer
path Parameters
id
required
string

Team internal @id

header Parameters
If-Match
required
string

eTag of previous state of the team

Request Body schema: application/json-patch+json
required

Json patch with the changes

Array
op
required
string
Enum: "test" "remove" "add" "replace" "move" "copy"
path
required
string
value
string
from
string

Responses

Request samples

Content type
application/json-patch+json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Delete a team

Description

Set a team to DELETED status.

If the team is a training team, its own whisperers are deleted.

Access

  • Admin
  • Clients with update team right
Authorizations:
Bearer
path Parameters
id
required
string

Team internal @id

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Join a team

Description

Join a user to a team with:

  • The join token
  • The user @id
  • The user email

An email is sent to the team admin to tell them about new user.

Rules

  • The join token must belong to a team
  • Team must still be active
  • User must not be part of the team

Access

  • Admin
  • Customer whose @id is in body
Authorizations:
Bearer
Request Body schema: application/json
required

The new password of the account

email
required
string

Email

token
required
string

Token sent in challenge

password
required
string

Password choosen by the user

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "token": "string",
  • "password": "string"
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Add a share token to the team

Description

Set a share token to the team. The token is randomly generated.

Rules

  • Team must not be deleted
  • A notification mail is sent to team admins

Access

  • Customer being part of the team, with team update right
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Team internal @id

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Remove team share token

Description

Delete the team share token.

Rules

  • Team must not be deleted
  • A notification mail is sent to team admins

Access

  • Customer being part of the team, with team update right
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Team internal @id

Responses

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get user token for this team

Description

Generates a token for the user to be able to use team's whisperers and rights.

Rules

  • Team must not be deleted

Access

  • Customer being part of the team
  • Admin
Authorizations:
Bearer
path Parameters
id
required
string

Team internal @id

Responses

Response samples

Content type
application/json
{
  • "token": "string"
}

Get a team info by its name

Description

Same as GET /teams/v1/teams/{id}

Authorizations:
Bearer
path Parameters
name
required
string

Team name

Responses

Response samples

Content type
application/json
{
  • "@id": "AnaRheQISOmLu8bKiQv11w",
  • "@type": "Team",
  • "version": "0.1",
  • "name": "First team",
  • "description": "Short team description.",
  • "dateCreated": "2021-03-07T14:43:35.152Z",
  • "creator": "hfQ1rsfcRKWslHwWAPJ9bg",
  • "customers": [
    ],
  • "whisperers": [
    ],
  • "settings": {
    },
  • "technicalStatus": "ACTIVE",
  • "dateModified": "2021-03-18T22:15:39.345Z",
  • "token": "7p8i66dCQsynmFNULKdnjA",
  • "editor": "hfQ1rsfcRKWslHwWAPJ9bg"
}

Search for Teams

Description

Search for teams.

Also available by GET method on the collection

Rules

  • When not called by admin, will limit to teams of which the user belongs.

Access

  • Admin
  • User of the team
Authorizations:
Bearer
Request Body schema: application/json
required

Search parameters

query
string

Free query, using Elasticsearch query string DSL.

aggs
object

Aggregation request, using Elasticsearch aggregation DSL.

Array of objects

Sorting option. Sorting by @id is automaticaly added.

next
Array of strings

Aggregation request, using Elasticsearch aggregation DSL.

size
required
integer

Page size.

avoidTotalHits
boolean

Tells if response should include total hits count.

includeETags
boolean

Tells if response should include _eTags fields for update.

Responses

Request samples

Content type
application/json
{
  • "query": "string",
  • "aggs": { },
  • "sort": [
    ],
  • "next": [
    ],
  • "size": 0,
  • "avoidTotalHits": true,
  • "includeETags": true
}

Response samples

Content type
application/json
{
  • "total": 0,
  • "items": [
    ],
  • "aggs": { },
  • "nextPage": {
    },
  • "asyncResults": {
    }
}

Packets

Network packets, as captured on the wire(less). ANSI layer 3.

Push packets

Description

Process a json payload of packets and:

  • Make them ready for parsing.
  • Save them (optional).

Checks

  • Spider packets structure

Access

  • Whisperers
Authorizations:
Bearer
Request Body schema: application/json
required

Json payload with packets to analyse by Spider.

Array
@id
string

Unique id of the packet in the system.

@type
string
Value: "Packet"
version
string
Value: "2.0"

Version of the schema.

name
string

Name of the packet (for display).

whisperer
string

Whisperer that captured the packet

instanceId
string

Instance id of the whisperer

tcpSession
string

Id of the Tcp session the packet is in

timestamp
number <double>

Unix timestamp of capture, with microseconds

length
integer

Size of the packet (size of rawPacket.buf buffer)

object

List of protocols used by this packet, keys are protocols name: TCP, UDP, IPv4...

object

Responses

Request samples

Content type
application/json
{
  • "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
  • "@type": "Packet",
  • "version": "2.0",
  • "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
  • "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
  • "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
  • "instanceId": "rd-srv508-bes",
  • "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
  • "timestamp": 1642625100.188968,
  • "length": 229,
  • "protocols": {
    },
  • "rawPacket": {
    }
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Search for packets

Description

Searches or aggregation analysis on packets

Also available by GET method on the collection

Rules

Admin may search without specifying a whisperer

Access

  • Admin or client
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
Request Body schema: application/json
required

Search parameters

whisperers
Array of strings

List of whisperers to search on.

startTime
number <double>

Start unix timestamp of search window. Up to 6 decimals for microseconds.

stopTime
number <double>

Stop unix timestamp of search window. Up to 6 decimals for microseconds.

startDate
string <date-time>

Start date of search window (can replace startTime).

stopDate
string <date-time>

Stop date of search window (can replace stopTime).

query
string

Free query, using Elasticsearch query string DSL.

aggs
object

Aggregation request, using Elasticsearch aggregation DSL.

Array of objects

Sorting option. Sorting by @id is automaticaly added.

next
Array of strings

Ids of the last resource already fetched to get next ones.

size
integer

Page size.

withContent
boolean

True if you want to embed content in the result items (only for HTTP coms)

avoidTotalHits
boolean

Tells if response should include total hits count.

async
boolean

Ask for an async search (when supported).

asyncDelayMs
number <integer>

How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async).

asyncId
string

Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer.

asyncKeepAliveS
number <integer>

How long (in seconds) the async answer is allowed to search before being killed.

Responses

Request samples

Content type
application/json
Example
{
  • "size": 20,
  • "whisperers": [
    ],
  • "startTime": 1547789298.676,
  • "stopTime": 1547805717.362,
  • "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
  • "sort": [
    ]
}

Response samples

Content type
application/json
{
  • "total": 0,
  • "items": [
    ],
  • "aggs": { },
  • "nextPage": {
    },
  • "asyncResults": {
    }
}

Get a packet

Description

Get a packet

Access

  • Admin
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
path Parameters
id
required
string

Internal id of packet

Responses

Response samples

Content type
application/json
{
  • "@id": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
  • "@type": "Packet",
  • "version": "2.0",
  • "commonId": "ROlrqlFhTY2ayXIxTV2uZA.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931-5",
  • "name": "456285.172.16.102.72-43118-172.16.102.125-8080#5",
  • "whisperer": "ROlrqlFhTY2ayXIxTV2uZA",
  • "instanceId": "rd-srv508-bes",
  • "tcpSession": "ROlrqlFhTY2ayXIxTV2uZA.rd-srv508-bes.456285.172.16.102.72-43118-172.16.102.125-8080.1682747931",
  • "timestamp": 1642625100.188968,
  • "length": 229,
  • "rawPacket": {
    },
  • "protocols": {
    },
  • "date": "2022-01-19T20:45:00.188Z",
  • "minute": "2022-01-19T20:45:00.000Z",
  • "protocolsList": [
    ]
}

Aggregate TCP payload for provided packets (fallback)

Description

Build the tcp payload of the packets listed in input.

Also available by GET method

Access

  • Admin
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
Request Body schema: application/json
required

List of packets identifiers

Array
string

System id of packet

Responses

Request samples

Content type
application/json
[
  • "string"
]

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get a collection of packets (fallback)

Description

Get the packets listed in input (by id).

Also available by GET method

Access

  • Admin
  • Application (another service)
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
Request Body schema: application/json
required

List of packets identifiers

Array
string

System id of packet

Responses

Request samples

Content type
application/json
[
  • "string"
]

Response samples

Content type
application/json
[
  • { }
]

Get a packets of a Tcp Session between two indices (or from a index to the end)

Description

Get the packets of the {tcpSession} in input, from {indexStart} to {indexEnd} (opt).

Access

  • Admin
  • Application (another service)
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
Request Body schema: application/json
required

Range of packets to receive

tcpSession
string

Id of the Tcp session the packet is in

indexStart
integer

Index above which the first packet to send must be (exclusive)

indexEnd
string

Index before which the last packet to send must be (inclusive), optional

Responses

Request samples

Content type
application/json
{
  • "tcpSession": "string",
  • "indexStart": 0,
  • "indexEnd": "string"
}

Response samples

Content type
application/json
[
  • { }
]

Aggregate TCP payload for several group of packets

Description

Build the tcp payload of the list of packets groups listed in input.

Also available by GET method

Access

  • Admin
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
Request Body schema: application/json
required

List of packets groups

Array
requestId
string

Id of group of packets, internal to client

packetIds
Array of strings

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
[
  • {
    }
]

Set packets as parsed

Description

Set the packets of {tcpSession} before {maxIndex} as parsed. When parsed, they are removed from working memory in Redis. Depending of whisperer settings to save Packets:

  • Poller may synchronize them to ES, then remove them from Redis.
  • Poller may plainly remove them from Redis.
  • Pack Update may directly remove them from Redis, if already processed by Poller.

This API is used in real time processing of packets to optimise Redis usage and speed of processing.

Access

  • Admin
  • Application (another service)
Authorizations:
Bearer
Request Body schema: application/json
required
Array
tcpSession
string

System id of the TCP session owning the packets

maxIndex
integer

Maximum index that has been parsed (inclusive)

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Purge packets

Description

Create a asynchronous purging job of packets.

Access

  • Admin
  • Client asking to purge only on whisperers it owns of with purge right
Authorizations:
Bearer
Request Body schema: application/json
required

List of packets identifiers

whisperers
Array of strings
from
number <double>

Start unix timestamp of purge window. Up to 6 decimals for microseconds.

to
number <double>

Stop unix timestamp of purge window. Up to 6 decimals for microseconds.

Responses

Request samples

Content type
application/json
{
  • "whisperers": [
    ],
  • "from": 0.1,
  • "to": 0.1
}

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get purge packets progress

Description

Get purge progress

Access

  • Admin
  • Customer
Authorizations:
Bearer
path Parameters
job
required
string

Internal id of job

Responses

Response samples

Content type
application/json
{
  • "completed": true,
  • "total": 0,
  • "deleted": 0,
  • "failures": [
    ],
  • "durationMs": 0
}

Tcp sessions

TCP sessions: consistent stateful communication of packets between 2 hosts. Can contain any kind of exchanges. ANSI layer 4.

Push Tcp sessions

Description

Stores TCP sessions and trigger parsing of payload according to Whisperers parsing configuration.

Access

  • Whisperers
Authorizations:
Bearer
Request Body schema: application/json
required

Tcp Session with packets id to analyse by Spider.

Array
@id
string

System id of TCP session

name
string
object

Client host

object

Server host

state
string
Enum: "SYN_SENT" "SYN_RECEIVED" "ESTABLISHED" "CLOSE_WAIT" "LAST_ACK" "CLOSED"

State of TCP session lifecycle

packetsCount
integer

Count of packets in the sessions

synTimestamp
number <double>

Timestamp of SYN packet

missedSyn
boolean

If whisperer missed SYN

connectTimestamp
number <double>

Timestamp when connection was established

firstTimestamp
number <double>

Timestamp of first packet (different from SYN when missedSyn)

lastTimestamp
number <double>

Timestamp of last packet

object

Out packets (responses from server)

object

In packets (responses from server)

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "@type": "Error",
  • "title": "Error title",
  • "message": "Error details"
}

Get a TCP session

Description

Get a TCP session

Access

  • Admin
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
path Parameters
id
required
string

Internal id of TCP session

Responses

Response samples

Content type
application/json
{
  • "@id": "string",
  • "@type": "Tcp session",
  • "version": "string",
  • "name": "string",
  • "whisperer": "string",
  • "instanceId": "string",
  • "src": {
    },
  • "dst": {
    },
  • "state": "SYN_SENT",
  • "packetsCount": 0,
  • "syn": 0.1,
  • "missedSyn": true,
  • "connect": 0.1,
  • "first": 0.1,
  • "firstDate": "2019-08-24",
  • "last": 0.1,
  • "lastDate": "2019-08-24",
  • "duration": 0.1,
  • "timespan": {
    },
  • "latency": 0.1,
  • "out": {
    },
  • "in": {
    },
  • "parsers": {
    },
  • "dateModified": "2019-08-24"
}

Search for TCP sessions (fallback)

Description

Searches or aggregation analysis on TCP sessions

Also available by GET method on the collection

Rules

May ask for an aggregation, with size:0 and no whisperers defined:

  • Admin
  • Client with admin monitoring right

Access

  • Admin
  • Customer
    • Limited access to the whisperers it has access to
    • Taking into account access filters
    • Taking into account time range for public links
Authorizations:
Bearer
Request Body schema: application/json
required

Search parameters

whisperers
Array of strings

List of whisperers to search on.

startTime
number <double>

Start unix timestamp of search window. Up to 6 decimals for microseconds.

stopTime
number <double>

Stop unix timestamp of search window. Up to 6 decimals for microseconds.

startDate
string <date-time>

Start date of search window (can replace startTime).

stopDate
string <date-time>

Stop date of search window (can replace stopTime).

query
string

Free query, using Elasticsearch query string DSL.

aggs
object

Aggregation request, using Elasticsearch aggregation DSL.

Array of objects

Sorting option. Sorting by @id is automaticaly added.

next
Array of strings

Ids of the last resource already fetched to get next ones.

size
integer

Page size.

withContent
boolean

True if you want to embed content in the result items (only for HTTP coms)

avoidTotalHits
boolean

Tells if response should include total hits count.

async
boolean

Ask for an async search (when supported).

asyncDelayMs
number <integer>

How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async).

asyncId
string

Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer.

asyncKeepAliveS
number <integer>

How long (in seconds) the async answer is allowed to search before being killed.

Responses

Request samples

Content type
application/json
Example
{
  • "size": 20,
  • "whisperers": [
    ],
  • "startTime": 1547789298.676,
  • "stopTime": 1547805717.362,
  • "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
  • "sort": [
    ]
}

Response samples

Content type
application/json
{
  • "total": 0,
  • "items": [
    ],
  • "aggs": { },
  • "nextPage": {
    },
  • "asyncResults": {
    }
}

Preaggregated search for parsing status histogram

Description

Histogram aggregation analysis on TCP sessions

Rules

Size:0, no next, no sort.

  • Admin
  • Client with admin monitoring right

Access

  • Admin
  • Customer
    • Limited access to the whisperers it has access to
Authorizations:
Bearer
Request Body schema: application/json
required

Search parameters

whisperers
Array of strings

List of whisperers to search on.

startTime
number <double>

Start unix timestamp of search window. Up to 6 decimals for microseconds.

stopTime
number <double>

Stop unix timestamp of search window. Up to 6 decimals for microseconds.

startDate
string <date-time>

Start date of search window (can replace startTime).

stopDate
string <date-time>

Stop date of search window (can replace stopTime).

query
string

Free query, using Elasticsearch query string DSL.

aggs
object

Aggregation request, using Elasticsearch aggregation DSL.

Array of objects

Sorting option. Sorting by @id is automaticaly added.

next
Array of strings

Ids of the last resource already fetched to get next ones.

size
integer

Page size.

withContent
boolean

True if you want to embed content in the result items (only for HTTP coms)

avoidTotalHits
boolean

Tells if response should include total hits count.

async
boolean

Ask for an async search (when supported).

asyncDelayMs
number <integer>

How long (in milliseconds) server should wait for an answer before answering with a partial answer (when async).

asyncId
string

Id of previous async answer from server (to get follow up). Included in hypermedia answer from server when async answer.

asyncKeepAliveS
number <integer>

How long (in seconds) the async answer is allowed to search before being killed.

Responses

Request samples

Content type
application/json
Example
{
  • "size": 20,
  • "whisperers": [
    ],
  • "startTime": 1547789298.676,
  • "stopTime": 1547805717.362,
  • "query": "!req.uri:contexts AND !req.uri:version AND !req.query:afterUpdate*",
  • "sort": [
    ]
}

Response samples

Content type
application/json
{
  • "total": 0,
  • "items": [