Create a Saved Query
Description

Initiates the creation of a saved query in Rapid7 InsightIDR using the provided 'saved_query' details.

Endpoint

URL: /log_search/query/saved_queries
Method: POST

Inputs

- json_body (object) – required
  - saved_query (object) – required
    - name (string) – required. The name for the saved query.
    - leql (object) – required
      - during (object)
        - from (number). The start of the time range for the query, as a Unix timestamp in milliseconds.
        - to (number). The end of the time range for the query, as a Unix timestamp in milliseconds.
        - time_range (string). Relative time range (instead of absolute from + to time range). Possible values are "yesterday", "today" and "last x timeunits", where x is the number of time units back from the current server time. Supported time units (case insensitive) are min(s) or minute(s), hr(s) or hour(s), day(s), week(s), month(s) and year(s).
      - statement (string) – required. The LEQL query run against the log(s). If empty, the query retrieves all log entries in the specified time range.
    - logs (array). The log keys of the logs which the query is run against.

Output example

```json
[
  {
    "status_code": 201,
    "response_headers": {
      "Date": "Fri, 21 Jun 2024 09:18:35 GMT",
      "Content-Type": "application/json",
      "Content-Length": "180",
      "Connection": "keep-alive",
      "Vary": "Origin, Accept-Encoding, Origin",
      "Location": "https://us3.api.insight.rapid7.com/log_search/query/saved_queries/00000000-0000-1618-0000-000000000000",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "R7-Correlation-Id": "3f4f3a96-4af9-4229-9303-30dd632beb93",
      "Access-Control-Allow-Credentials": "true",
      "Access-Control-Expose-Headers": "R7-Correlation-Id",
      "RateLimit-Limit": "1500",
      "RateLimit-Reset": "900",
      "RateLimit-Remaining": "1499",
      "X-RateLimit-Limit": "1500",
      "X-RateLimit-Reset": "900",
      "X-RateLimit-Remaining": "1499"
    },
    "reason": "Created",
    "json_body": {
      "saved_query": {
        "id": "00000000-0000-1618-0000-000000000000",
        "name": "saved query 2",
        "leql": {
          "statement": "where(test)",
          "during": {
            "time_range": null,
            "to": null,
            "from": null
          }
        },
        "logs": [
          ""
        ]
      }
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - saved_query (object)
    - id (string)
    - name (string)
    - leql (object)
      - statement (string)
      - during (object)
        - time_range (object)
        - to (object)
        - from (object)
    - logs (array)

Response headers

| Header | Type |
| --- | --- |
| Date | string |
| Content-Type | string |
| Content-Length | string |
| Connection | string |
| Vary | string |
| Location | string |
| Strict-Transport-Security | string |
| R7-Correlation-Id | string |
| Access-Control-Allow-Credentials | string |
| Access-Control-Expose-Headers | string |
| RateLimit-Limit | string |
| RateLimit-Reset | string |
| RateLimit-Remaining | string |
| X-RateLimit-Limit | string |
| X-RateLimit-Reset | string |
| X-RateLimit-Remaining | string |
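The input rules above (a relative `time_range` used instead of `from`/`to`, millisecond timestamps, and the "last x timeunits" grammar) are easy to get wrong when a playbook assembles the body by hand. The following is an added example, not part of the connector: the function names `build_saved_query_body` and `rejects` are hypothetical, and treating the whole `time_range` string as case insensitive, requiring x to be at least 1, and flagging values below 10**12 as seconds are assumptions of this sketch.

```python
import re

# Relative grammar from the input description: "yesterday", "today", "last x timeunits".
_UNIT = r"(?:mins?|minutes?|hrs?|hours?|days?|weeks?|months?|years?)"
_RELATIVE = re.compile(rf"(?:yesterday|today|last\s+[1-9]\d*\s+{_UNIT})", re.IGNORECASE)
# Assumption: anything below 10**12 (before Sept 2001 in ms) is really seconds.
_MIN_PLAUSIBLE_MS = 10**12


def build_saved_query_body(name, statement, logs=(), *, time_range=None,
                           from_ms=None, to_ms=None):
    """Build the json_body for the action, rejecting ambiguous time windows."""
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name is required")
    if not isinstance(statement, str):
        raise ValueError("statement is required; pass '' to match every entry")
    during = {}
    if time_range is not None:
        if from_ms is not None or to_ms is not None:
            raise ValueError("time_range replaces from/to; supply only one form")
        if not _RELATIVE.fullmatch(time_range.strip()):
            raise ValueError(f"unsupported time_range: {time_range!r}")
        during["time_range"] = time_range.strip()
    else:
        for key, value in (("from", from_ms), ("to", to_ms)):
            if value is None:
                continue
            if isinstance(value, bool) or not isinstance(value, int) or value < _MIN_PLAUSIBLE_MS:
                raise ValueError(f"{key} must be a Unix timestamp in milliseconds")
            during[key] = value
        if "from" in during and "to" in during and during["from"] >= during["to"]:
            raise ValueError("from must be earlier than to")
    if any(not isinstance(k, str) or not k for k in logs):
        raise ValueError("logs must contain non-empty log keys")
    leql = {"statement": statement}
    if during:
        leql["during"] = during
    body = {"saved_query": {"name": name.strip(), "leql": leql}}
    if logs:
        body["saved_query"]["logs"] = list(logs)
    return body


def rejects(**kwargs):
    """Return True when the builder refuses the given arguments."""
    try:
        build_saved_query_body("example", "where(test)", **kwargs)
    except ValueError:
        return True
    return False
```

A saved detection query whose window silently collapses because seconds were passed as milliseconds returns no results rather than an error, so rejecting the value before submission is the safer behaviour.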