Cribl

cribl cloud is a log management solution that provides centralized logging, data analysis, and real time visibility for organizations it allows for collecting, processing, and forwarding large volumes of log data from various sources in the cloud environment it provides features such as field extraction, aggregation, data routing, and alerting to enable organizations to quickly identify and respond to security threats, troubleshoot issues, and improve operations asset setup this connector supports the below authentication options oauth2 client credentials authentication for cribl cloud to set up the asset, you need the following inputs url client id client secret audience token url oauth2 password authentication for cribl onprem if you're using sso/openid connect authentication, you must toggle allow local auth on, because you'll need to be a local user when you authenticate via the api to set up the asset, you need the following inputs url username password capabilities this connector provides the following capabilities evaluate expression get dataset by id get datasets get job result get log by id get logs get lookup file by id get lookups get message by id get messages get notification by id get notification targets get processes get role by id get roles and so on api documentation link https //docs cribl io/api/ https //docs cribl io/stream/api tutorials/#criblcloud free tier configurations http basic authentication authenticates cribl onprem using username and password configuration parameters parameter description type required url a url to the target host string required username username string required password password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional oauth 2 0 client credentials authenticates cribl cloud using oauth 2 0 client credentials configuration parameters parameter description type required url a url to the target host string required token url string required client id the client id string required client secret the client secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional audience audience string required actions evaluate expression returns a list of exprlibentry objects endpoint url /lib/expression method post output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items context object output field items context items context additionalprop1 object output field items context additionalprop1 items evaltype string type of the resource items expr string output field items expr items id string unique identifier items pack string output field items pack items result object result of the operation items result additionalprop1 object result of the operation items unprotected boolean output field items unprotected output example {"count" 123,"items" \[{"context" {},"evaltype" "string","expr" "string","id" "12345678 1234 1234 1234 123456789abc","pack" "string","result" {},"unprotected"\ true}]} get dataset by id get dataset by id endpoint url /search/datasets/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items output example {"count" 123,"items" \["string"]} get datasets get a list of dataset objects endpoint url /search/datasets method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items output example {"count" 123,"items" \["string"]} get job result get results for a discover job by instance id endpoint url /jobs/{{id}}/results method get input argument name type required description path parameters id string required job instance id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase string string output field string output example {"string" "string"} get log by id get contents of the log file endpoint url /system/logs/{{id}} method get input argument name type required description path parameters id string required log id parameters limit number optional maximum number of log lines to retrieve starting from offset parameters endoffset number optional in the current log file to fetch the log events upto parameters et number optional epoch timestamp of the earliest event (includes rolled files present on disk) parameters lt number optional epoch timestamp of the latest event (includes rolled files present on disk) parameters filter string optional filter input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"},"parameters" {"limit" 123,"endoffset" 123,"et" 123,"lt" 123,"filter" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items additionalprop1 object output field items additionalprop1 output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get logs get a list of log files endpoint url /system/logs method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items path string output field items path output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get lookup file by id get lookupfile by id endpoint url /system/lookups/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items fileinfo object output field items fileinfo items fileinfo filename string name of the resource items id string unique identifier items description string output field items description items tags string output field items tags items size number output field items size items content string response content output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{},{}]}} get lookups get a list of lookupfile objects endpoint url /system/lookups method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items fileinfo object output field items fileinfo items fileinfo filename string name of the resource items id string unique identifier items description string output field items description items tags string output field items tags items size number output field items size items content string response content output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{},{}]}} get message by id get bulletinmessage by id endpoint url /system/message/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items severity string output field items severity items title string output field items title items text string output field items text items time number time value items group string output field items group items metadata array response data output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get messages get a list of bulletinmessage objects endpoint url /system/messages method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items severity string output field items severity items title string output field items title items text string output field items text items time number time value items group string output field items group items metadata array response data output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get notification by id get notification target by id endpoint url /notification targets/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items type string type of the resource items systemfields array output field items systemfields output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get notification targets get a list of notificationtarget objects endpoint url /notification targets method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items type string type of the resource items systemfields array output field items systemfields output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get processes get a list of processes under management endpoint url /system/processes method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items env object output field items env items env additionalprop1 object output field items env additionalprop1 items id string unique identifier items pid number unique identifier items restartonexit boolean output field items restartonexit items restarts number output field items restarts items starttime number time value items type string type of the resource output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get role by id get role by id endpoint url /system/roles/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items description string output field items description items id string unique identifier items policy array output field items policy items tags array output field items tags items title string output field items title output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get roles get a list of role objects endpoint url /system/roles method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items description string output field items description items id string unique identifier items policy array output field items policy items tags array output field items tags items title string output field items title output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get sample by id get datasample by id endpoint url /system/samples/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items samplename string name of the resource items pipelineid string unique identifier items description string output field items description items ttl number output field items ttl items tags string output field items tags items additionalprop1 object output field items additionalprop1 output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get samples get a list of datasample objects endpoint url /system/samples method get output parameter type description status code number http status code of the response reason string response reason phrase items array output field items items samplename string name of the resource items created number output field items created items istemplate boolean output field items istemplate items size number output field items size items numevents number output field items numevents items id string unique identifier items modified number output field items modified items tstemplatefield string output field items tstemplatefield count number count value output example {"status code" 200,"response headers" {"strict transport security" "max age=31536000; includesubdomains","x cribl api cache control" "max age=300","content type" "application/json; charset=utf 8","content length" "3401","date" "thu, 19 oct 2023 11 12 35 gmt","connection" "keep alive","keep alive" "timeout=5"},"reason" "ok","json body" {"items" \[{"samplename" "weblog log","created" 1574797148907,"istemplate"\ true,"size" 44018,"numevents" 100,"id" "weblog","modified" 1697029993349},{"samplename" " get saved job by id get savedjob by id endpoint url /lib/jobs/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items type string type of the resource items ttl string output field items ttl items removefields array output field items removefields items resumeonboot boolean output field items resumeonboot items environment string output field items environment items schedule object output field items schedule items schedule enabled boolean output field items schedule enabled items schedule cronschedule string output field items schedule cronschedule items schedule maxconcurrentruns number output field items schedule maxconcurrentruns items schedule skippable boolean output field items schedule skippable items schedule resumemissed string output field items schedule resumemissed items schedule run object output field items schedule run items streamtags array output field items streamtags items workeraffinity boolean output field items workeraffinity items collector object output field items collector items collector type string type of the resource items collector conf object output field items collector conf items collector destructive boolean output field items collector destructive items input object input data for the action items input type string input data for the action output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get saved jobs get a list of savedjob objects endpoint url /lib/jobs method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items id string unique identifier items type string type of the resource items ttl string output field items ttl items removefields array output field items removefields items resumeonboot boolean output field items resumeonboot items environment string output field items environment items schedule object output field items schedule items schedule enabled boolean output field items schedule enabled items schedule cronschedule string output field items schedule cronschedule items schedule maxconcurrentruns number output field items schedule maxconcurrentruns items schedule skippable boolean output field items schedule skippable items schedule resumemissed string output field items schedule resumemissed items schedule run object output field items schedule run items streamtags array output field items streamtags items workeraffinity boolean output field items workeraffinity items collector object output field items collector items collector type string type of the resource items collector conf object output field items collector conf items collector destructive boolean output field items collector destructive items input object input data for the action items input type string input data for the action output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get saved queries get a list of savedquery objects endpoint url /search/saved method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items chartconfig object output field items chartconfig items chartconfig axis object output field items chartconfig axis items chartconfig axis xaxis string output field items chartconfig axis xaxis items chartconfig axis yaxis array output field items chartconfig axis yaxis items chartconfig color string output field items chartconfig color items chartconfig colorpalette number output field items chartconfig colorpalette items chartconfig colorpalettereversed boolean output field items chartconfig colorpalettereversed items chartconfig data object response data items chartconfig data connectnulls string response data items chartconfig data stack boolean response data items chartconfig decimals number output field items chartconfig decimals items chartconfig label string output field items chartconfig label items chartconfig legend object output field items chartconfig legend items chartconfig legend position string output field items chartconfig legend position items chartconfig legend truncate boolean output field items chartconfig legend truncate items chartconfig prefix string output field items chartconfig prefix items chartconfig series array output field items chartconfig series items chartconfig series color string output field items chartconfig series color items chartconfig series name string name of the resource items chartconfig series type object type of the resource items chartconfig series yaxisfield string output field items chartconfig series yaxisfield output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get saved query by id get savedquery by id endpoint url /search/saved/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items chartconfig object output field items chartconfig items chartconfig axis object output field items chartconfig axis items chartconfig axis xaxis string output field items chartconfig axis xaxis items chartconfig axis yaxis array output field items chartconfig axis yaxis items chartconfig color string output field items chartconfig color items chartconfig colorpalette number output field items chartconfig colorpalette items chartconfig colorpalettereversed boolean output field items chartconfig colorpalettereversed items chartconfig data object response data items chartconfig data connectnulls string response data items chartconfig data stack boolean response data items chartconfig decimals number output field items chartconfig decimals items chartconfig label string output field items chartconfig label items chartconfig legend object output field items chartconfig legend items chartconfig legend position string output field items chartconfig legend position items chartconfig legend truncate boolean output field items chartconfig legend truncate items chartconfig prefix string output field items chartconfig prefix items chartconfig series array output field items chartconfig series items chartconfig series color string output field items chartconfig series color items chartconfig series name string name of the resource items chartconfig series type object type of the resource items chartconfig series yaxisfield string output field items chartconfig series yaxisfield output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get search job by id get searchjob by id endpoint url /search/jobs/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items chartconfig object output field items chartconfig items chartconfig axis object output field items chartconfig axis items chartconfig axis xaxis string output field items chartconfig axis xaxis items chartconfig axis yaxis array output field items chartconfig axis yaxis items chartconfig color string output field items chartconfig color items chartconfig colorpalette number output field items chartconfig colorpalette items chartconfig colorpalettereversed boolean output field items chartconfig colorpalettereversed items chartconfig data object response data items chartconfig data connectnulls string response data items chartconfig data stack boolean response data items chartconfig decimals number output field items chartconfig decimals items chartconfig label string output field items chartconfig label items chartconfig legend object output field items chartconfig legend items chartconfig legend position string output field items chartconfig legend position items chartconfig legend truncate boolean output field items chartconfig legend truncate items chartconfig prefix string output field items chartconfig prefix items chartconfig series array output field items chartconfig series items chartconfig series color string output field items chartconfig series color items chartconfig series name string name of the resource items chartconfig series type object type of the resource items chartconfig series yaxisfield string output field items chartconfig series yaxisfield output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get search jobs get a list of searchjob objects endpoint url /search/jobs method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items chartconfig object output field items chartconfig items chartconfig axis object output field items chartconfig axis items chartconfig axis xaxis string output field items chartconfig axis xaxis items chartconfig axis yaxis array output field items chartconfig axis yaxis items chartconfig color string output field items chartconfig color items chartconfig colorpalette number output field items chartconfig colorpalette items chartconfig colorpalettereversed boolean output field items chartconfig colorpalettereversed items chartconfig data object response data items chartconfig data connectnulls string response data items chartconfig data stack boolean response data items chartconfig decimals number output field items chartconfig decimals items chartconfig label string output field items chartconfig label items chartconfig legend object output field items chartconfig legend items chartconfig legend position string output field items chartconfig legend position items chartconfig legend truncate boolean output field items chartconfig legend truncate items chartconfig prefix string output field items chartconfig prefix items chartconfig series array output field items chartconfig series items chartconfig series color string output field items chartconfig series color items chartconfig series name string name of the resource items chartconfig series type object type of the resource items chartconfig series yaxisfield string output field items chartconfig series yaxisfield output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get secret by id get restsecret by id endpoint url /system/secrets/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items apikey string output field items apikey items description string output field items description items id string unique identifier items password string output field items password items secretkey string output field items secretkey items secrettype string type of the resource items tags string output field items tags items username string name of the resource items value string value for the parameter output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get secrets get a list of restsecret objects endpoint url /system/secrets method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items apikey string output field items apikey items description string output field items description items id string unique identifier items password string output field items password items secretkey string output field items secretkey items secrettype string type of the resource items tags string output field items tags items username string name of the resource items value string value for the parameter output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get user by id get user by id endpoint url /system/users/{{id}} method get input argument name type required description path parameters id string required unique id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items currentpassword string output field items currentpassword items disabled boolean output field items disabled items email string output field items email items first string output field items first items id string unique identifier items last string output field items last items password string output field items password items roles array output field items roles items username string name of the resource output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} get users get a list of user objects endpoint url /system/users method get output parameter type description status code number http status code of the response reason string response reason phrase count number count value items array output field items items currentpassword string output field items currentpassword items disabled boolean output field items disabled items email string output field items email items first string output field items first items id string unique identifier items last string output field items last items password string output field items password items roles array output field items roles items username string name of the resource output example {"status code" 200,"response headers" {"date" "fri, 06 oct 2023 06 05 14 gmt","content type" "application/json;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","cache control" "no cache, no store, private, max age=0, must revalidate","strict transport security" "max age=31536000","x frame options" "sameorigin","x content type options" "nosniff"},"reason" "ok","json body" {"count" 0,"items" \[{}]}} response headers header description example cache control directives for caching mechanisms no cache, no store, private, max age=0, must revalidate connection http response header connection keep alive content length the length of the response body in bytes 3401 content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt keep alive http response header keep alive timeout=5 strict transport security http response header strict transport security max age=31536000; includesubdomains transfer encoding http response header transfer encoding chunked x content type options http response header x content type options nosniff x cribl api cache control http response header x cribl api cache control max age=300 x frame options http response header x frame options sameorigin