Run Saved Query
Description

Executes a predefined saved query within Rapid7 InsightIDR using the provided 'saved_query_id'.

Endpoint

URL: /log_search/query/saved_query/{{saved_query_id}}
Method: GET

Inputs

path_parameters (object) – required
  saved_query_id (string) – required. The ID of the saved query.
parameters (object) – required
  time_range (string). An alternative to the from and to query parameters. Possible values are "yesterday", "today" and "last x timeunits", where x is the number of time units back from the current server time. Supported time units (case insensitive) are min(s) or minute(s), hr(s) or hour(s), day(s), week(s), month(s) and year(s). If "time_range" is used, then the "from" and "to" query parameters must not be used.
  from (number). The start of the time range for the query, as a UNIX timestamp in milliseconds.
  to (number). The end of the time range for the query, as a UNIX timestamp in milliseconds.
  per_page (number). Number of log entries to return per page, up to 500 (the maximum allowed).
  kvp_info (boolean). When set to true, the events object that is returned will additionally contain information about all the key-value pairs in each returned log entry.
  most_recent_first (boolean). When set to true, the query returns the most recent events first. When set to false, it returns the oldest events first.

Output example

[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "logs": [
        "565c1b7b-c08b-4c87-a42a-ab08bad56071"
      ],
      "leql": {
        "statement": "where(931dde6c60>=800)",
        "during": {
          "from": 1609629856000,
          "to": 1609629992000
        }
      },
      "events": [
        {
          "labels": [
            {
              "links": [
                {
                  "rel": "Self",
                  "href": "https://ap.rest.logs.insight.rapid7.com/management/labels/00000000-0000-0000-0000-000000000001"
                }
              ],
              "id": "00000000-0000-0000-0000-000000000001"
            }
          ],
          "timestamp": 1609629969390,
          "sequence_number": 2234733321019952000,
          "log_id": "565c1b7b-c08b-4c87-a42a-ab08bad56071",
          "message": "{\"931dde6c60\":899}",
          "links": [
            {
              "rel": "Context",
              "href": "https://ap.rest.logs.insight.rapid7.com/query/context/2234733321019952220?per_page=50&timestamp=1609629969390&log_keys=565c1b7b-c08b-4c87-a42a-ab08bad56071&context_type=SURROUND&kvp_info=true"
            }
          ],
          "sequence_number_str": 2234733321019952000,
          "kvp_info": [
            {
              "key": { "text": "json.931dde6c60", "start": 2, "end": 12 },
              "value": { "text": 899, "start": 14, "end": 17 }
            }
          ]
        },
        {
          "labels": [
            {
              "links": [
                {
                  "rel": "Self",
                  "href": "https://ap.rest.logs.insight.rapid7.com/management/labels/00000000-0000-0000-0000-000000000001"
                }
              ],
              "id": "00000000-0000-0000-0000-000000000001"
            }
          ],
          "timestamp": 1609629978988,
          "sequence_number": 2234733321345612300,
          "log_id": "565c1b7b-c08b-4c87-a42a-ab08bad56071",
          "message": "{\"931dde6c60\":931}",
          "links": [
            {
              "rel": "Context",
              "href": "https://ap.rest.logs.insight.rapid7.com/query/context/2234733321345612345?per_page=1&timestamp=1609629978988&log_keys=565c1b7b-c08b-4c87-a42a-ab08bad56071&context_type=SURROUND&kvp_info=true"
            }
          ],
          "sequence_number_str": 2234733321345612300,
          "kvp_info": [
            {
              "key": { "text": "json.931dde6c60", "start": 2, "end": 12 },
              "value": { "text": 931, "start": 14, "end": 17 }
            }
          ]
        }
      ]
    }
  }
]

Output parameters

status_code (number)
reason (string)
json_body (object)
  logs (array)
  leql (object)
    statement (string)
    during (object)
      from (number)
      to (number)
  events (array)
    labels (array)
      links (array)
        rel (string)
        href (string)
      id (string)
    timestamp (number)
    sequence_number (number)
    log_id (string)
    message (string)
    links (array)
      rel (string)
      href (string)
    sequence_number_str (number)
    kvp_info (array)
      key (object)
        text (string)
        start (number)
        end (number)
      value (object)
        text (number)
        start (number)
        end (number)
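
The input rules above (time_range versus from/to, the per_page cap, the saved query ID in the URL path) can be checked before the action runs. The following is an added example, not code from the connector or from Rapid7; the function name `build_saved_query_request` and its argument names `from_ms`/`to_ms` are hypothetical, and sending booleans as lowercase `true`/`false` is an assumption based on the `kvp_info=true` links in the output example.

```python
import re
from urllib.parse import quote

MAX_PER_PAGE = 500  # documented maximum for per_page
# "yesterday", "today" or "last x timeunits"; only the units are documented as case insensitive.
TIME_RANGE_RE = re.compile(
    r"yesterday|today|last \d+ (?i:mins?|minutes?|hrs?|hours?|days?|weeks?|months?|years?)"
)


def build_saved_query_request(saved_query_id, time_range=None, from_ms=None, to_ms=None,
                              per_page=None, kvp_info=None, most_recent_first=None):
    """Return (path, params) for the action; raise ValueError on input the page rules out."""
    if not isinstance(saved_query_id, str) or not saved_query_id:
        raise ValueError("saved_query_id is required")
    if time_range is not None:
        if from_ms is not None or to_ms is not None:
            raise ValueError("time_range must not be combined with from/to")
        if not TIME_RANGE_RE.fullmatch(time_range):
            raise ValueError("unsupported time_range: %r" % (time_range,))
    for name, value in (("from", from_ms), ("to", to_ms)):
        if value is not None and (isinstance(value, bool)
                                  or not isinstance(value, int) or value < 0):
            raise ValueError(name + " must be a UNIX timestamp in milliseconds")
    if from_ms is not None and to_ms is not None and from_ms > to_ms:
        raise ValueError("from is later than to")
    if per_page is not None and not 1 <= per_page <= MAX_PER_PAGE:
        raise ValueError("per_page must be between 1 and %d" % MAX_PER_PAGE)

    params = {}
    for name, value in (("time_range", time_range), ("from", from_ms), ("to", to_ms),
                        ("per_page", per_page), ("kvp_info", kvp_info),
                        ("most_recent_first", most_recent_first)):
        if value is None:
            continue
        # Assumption: booleans go on the wire as lowercase true/false.
        params[name] = str(value).lower() if isinstance(value, bool) else value
    # Percent-encode the ID so a value containing "/" or "?" cannot change the request path.
    path = "/log_search/query/saved_query/" + quote(saved_query_id, safe="")
    return path, params
```
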