Start an Export Events Job

POST {{cb_url}}/jobs/v1/orgs/{{cb_org_key}}/jobs/start/event_export

Used with investigate searches - Processes, Process Events, Observations, Auth Events and Enriched Events - to start a search job.

Permission (.notation name)	Operation(s)
jobs.status	READ
org.search.events	CREATE

See Documentation

Request Body

{"api_resource"=>"<choose one: ENRICHED_EVENTS, PROCESSES, PROCESS_EVENTS, AUTH_EVENTS, OBSERVATIONS>", "version"=>"v2", "query"=>{"criteria"=>{}, "exclusions"=>{}, "query"=>"*:*", "time_range"=>{"start"=>"2023-03-26T02:00:00.000Z", "end"=>"2023-03-29T02:06:20.864Z"}, "rows"=>10000, "fields"=>["*"], "sort"=>[{"field"=>"device_timestamp", "order"=>"DESC"}]}}

RESPONSES

status: Created

{&quot;id&quot;:5731438,&quot;type&quot;:&quot;event_export&quot;,&quot;job_parameters&quot;:{&quot;job_parameters&quot;:{&quot;query&quot;:{&quot;criteria&quot;:{},&quot;exclusions&quot;:{},&quot;query&quot;:&quot;*:*&quot;,&quot;time_range&quot;:{&quot;start&quot;:&quot;2023-03-26T02:00:00.000Z&quot;,&quot;end&quot;:&quot;2023-03-29T02:06:20.864Z&quot;},&quot;rows&quot;:10000,&quot;fields&quot;:[&quot;*&quot;],&quot;sort&quot;:[{&quot;field&quot;:&quot;device_timestamp&quot;,&quot;order&quot;:&quot;DESC&quot;}]}},&quot;process_guid&quot;:null,&quot;api_resource&quot;:&quot;OBSERVATIONS&quot;,&quot;version&quot;:&quot;v2&quot;,&quot;search_id&quot;:null},&quot;connector_id&quot;:&quot;12345ABCD&quot;,&quot;org_key&quot;:&quot;ABCD1234&quot;,&quot;status&quot;:&quot;CREATED&quot;,&quot;create_time&quot;:&quot;2023-03-29T03:17:02.978Z&quot;,&quot;last_update_time&quot;:&quot;2023-03-29T03:17:02.979Z&quot;}