Create Search Job

POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/observations/search_jobs

Creates an observations search job. Results for the search job are retrieved using the job_id returned in the response. This route does not request facets.

RBAC Permissions Required

Permission (.notation name)    Operation(s)
org.search.events              READ, CREATE

Request Schema

{
    "criteria": "",
    "exclusions": "",
    "fields": ["", ""],
    "query": "",
    "rows": "",
    "sort": [
        {
            "field": "",
            "order": ""
        },
        {
            "field": "",
            "order": ""
        }
    ],
    "start": "",
    "time_range": {
        "end": "",
        "start": "",
        "window": ""
    }
}

Request Body

{
    "criteria": {
        "device_name": ["Win7x64"]
    },
    "query": "process_name:svchost.exe",
    "fields": ["*", "process_start_time"],
    "sort": [
        {
            "field": "device_timestamp",
            "order": "asc"
        }
    ],
    "rows": 10000,
    "start": 0,
    "time_range": {
        "end": "2020-01-27T18:34:04Z",
        "start": "2020-01-18T18:34:04Z"
    }
}

RESPONSES

status: OK

{"job_id":"0c6cf646-d97b-4ea6-89c0-6f0286d64339-sqs"}
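A small client for this route, added here as an example and not Carbon Black's own code: it assembles a body that follows the Request Schema above, rejects obviously malformed sort and time_range values before they reach the service, builds the POST, and pulls job_id out of the reply. It assumes the usual Carbon Black Cloud "X-Auth-Token: <api_secret>/<api_id>" header, and the rule that time_range takes either a relative window or absolute start/end; neither is stated on this page.

```python
import json
import urllib.request

# Assumed CBC auth header layout; not part of this page.
SEARCH_JOBS_PATH = "/api/investigate/v2/orgs/{org_key}/observations/search_jobs"


def build_search_job_body(query, criteria=None, fields=None, sort=None,
                          rows=10000, start=0, time_range=None):
    """Assemble a request body matching the Request Schema, rejecting
    values the service is not expected to accept."""
    if not query and not criteria:
        raise ValueError("need a query and/or criteria")  # assumption
    for entry in sort or []:
        if set(entry) != {"field", "order"} or entry["order"] not in ("asc", "desc"):
            raise ValueError(f"bad sort entry: {entry}")
    if time_range is not None:
        # window (relative) and start/end (absolute) are alternatives (assumption)
        if ("window" in time_range) == bool({"start", "end"} & set(time_range)):
            raise ValueError("time_range needs either window or start/end")
    body = {"query": query, "rows": rows, "start": start}
    for key, value in (("criteria", criteria), ("fields", fields),
                       ("sort", sort), ("time_range", time_range)):
        if value:
            body[key] = value
    return body


def build_request(cb_url, org_key, api_id, api_secret, body):
    """Return (url, headers, payload_bytes) for the POST without sending it."""
    url = cb_url.rstrip("/") + SEARCH_JOBS_PATH.format(org_key=org_key)
    headers = {"X-Auth-Token": f"{api_secret}/{api_id}",
               "Content-Type": "application/json"}
    return url, headers, json.dumps(body).encode()


def job_id_from_response(raw):
    """Extract job_id from the service reply, failing loudly if it is absent."""
    payload = json.loads(raw)
    job_id = payload.get("job_id")
    if not isinstance(job_id, str) or not job_id:
        raise ValueError(f"unexpected response: {payload!r}")
    return job_id


def create_search_job(cb_url, org_key, api_id, api_secret, body, timeout=30):
    """POST the job and return its job_id (this one performs the network call)."""
    url, headers, payload = build_request(cb_url, org_key, api_id, api_secret, body)
    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return job_id_from_response(resp.read())
```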