Kql Queryset
Warning
The functions are not fully tested yet. Use with caution. Please report any issues to the GitHub repository.
kql_queryset_create
kql_queryset_create(workspace_id: str, display_name: str, kql_database_path: str, description: str = None, await_lro: bool = None, timeout: int = 60 * 5, preview: bool = True) -> requests.Response
Create a kql queryset.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to create the kql queryset in. |
required |
display_name
|
str
|
The display name of the kql queryset. |
required |
kql_database_path
|
str
|
The path to the kql queryset to load content from. |
required |
description
|
str | None
|
The description of the kql queryset. |
None
|
await_lro
|
bool | None
|
Whether to await the long running operation. |
None
|
timeout
|
int
|
Timeout for the long running operation (seconds). Defaults to 5 minutes. |
60 * 5
|
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |
kql_queryset_get
kql_queryset_get(workspace_id: str, kql_queryset_id: str, preview: bool = True) -> requests.Response
Get a kql queryset.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to get the kql queryset from. |
required |
kql_queryset_id
|
str
|
The id of the kql queryset to get. |
required |
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |
kql_queryset_list
kql_queryset_list(workspace_id: str, continuation_token: str = None, preview: bool = True) -> requests.Response
List kql querysets for a workspace.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to list kql querysets for. |
required |
continuation_token
|
str | None
|
A token for retrieving the next page of results. |
None
|
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |
kql_queryset_update
kql_queryset_update(workspace_id: str, kql_queryset_id: str, display_name: str = None, description: str = None, preview: bool = True) -> requests.Response
Update a kql queryset.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to update. |
required |
kql_queryset_id
|
str
|
The id of the kql queryset to update. |
required |
display_name
|
str | None
|
The display name of the kql queryset. |
None
|
description
|
str | None
|
The description of the kql queryset. |
None
|
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |
kql_queryset_delete
kql_queryset_delete(workspace_id: str, kql_queryset_id: str, preview: bool = True) -> requests.Response
Delete a kql queryset.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to delete. |
required |
kql_queryset_id
|
str
|
The id of the kql queryset to delete. |
required |
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |
kql_queryset_get_definition
kql_queryset_get_definition(workspace_id: str, kql_queryset_id: str, await_lro: bool = None, timeout: int = 60 * 5, preview: bool = True) -> requests.Response
Get the definition of a kql queryset.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to get the kql queryset definition from. |
required |
kql_queryset_id
|
str
|
The id of the kql queryset to get the definition from. |
required |
await_lro
|
bool | None
|
Whether to await the long running operation. |
None
|
timeout
|
int
|
Timeout for the long running operation (seconds). Defaults to 5 minutes. |
60 * 5
|
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |
kql_queryset_update_definition
kql_queryset_update_definition(workspace_id: str, kql_queryset_id: str, kql_queryset_path: str, update_metadata: bool = None, await_lro: bool = None, timeout: int = 60 * 5, preview: bool = True) -> requests.Response
Update the definition of a kql queryset.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
workspace_id
|
str
|
The id of the workspace to update. |
required |
kql_queryset_id
|
str
|
The id of the kql queryset to update. |
required |
kql_queryset_path
|
str
|
The path to the kql queryset to load content from. |
required |
update_metadata
|
bool | None
|
When set to true, the item's metadata is updated using the metadata in the .platform file. |
None
|
await_lro
|
bool | None
|
Whether to await the long running operation. |
None
|
timeout
|
int
|
Timeout for the long running operation (seconds). Defaults to 5 minutes. |
60 * 5
|
preview
|
bool
|
Whether to preview the request. You will be asked to confirm the request before it is executed. Defaults to True. |
True
|
Returns:
| Type | Description |
|---|---|
Response
|
The response from the request. |