IBM Security QRadar


Using ArielSearch in QPYLib for querying

  • 1.  Using ArielSearch in QPYLib for querying

    Posted Sun May 26, 2024 11:34 PM
    Edited by tianxing liu Mon May 27, 2024 10:49 PM

    How can I use the ArielSearch API in QPYLib to query domains, URLs and other related information? Currently, my api_version is v20.0, and the fields that can be queried are as follows:

    /ariel/searches/{search_id}:

    {
      "cursor_id": "35822d91-02aa-44b8-b1d3-603e909b961b",
      "status": "COMPLETED",
      "compressed_data_file_count": 0,
      "compressed_data_total_size": 0,
      "data_file_count": 0,
      "data_total_size": 0,
      "index_file_count": 60,
      "index_total_size": 491849,
      "processed_record_count": 0,
      "desired_retention_time_msec": 86400000,
      "progress": 100,
      "progress_details": [],
      "query_execution_time": 12,
      "query_string": "SELECT * FROM events WHERE logsourceid in (167) LIMIT 2000000 START ('2024-05-28 01:00') STOP ('2024-05-28 02:00')",
      "record_count": 0,
      "size_on_disk": 24,
      "save_results": false,
      "completed": true,
      "subsearch_ids": [],
      "snapshot": null,
      "search_id": "35822d91-02aa-44b8-b1d3-603e909b961b"
    }

    and the result API returned:

    {
      "events": [
        {
          "starttime": 1716801297718,
          "protocolid": 255,
          "sourceip": "10.43.176.219",
          "logsourceid": 167,
          "qid": 1004750002,
          "sourceport": 0,
          "eventcount": 1,
          "magnitude": 6,
          "identityip": "0.0.0.0",
          "destinationip": "58.221.49.81",
          "destinationport": 80,
          "category": 19040,
          "username": null
        }]
    }

    In addition, I mapped the original log fields in the log source to the newly added DemoDomain field in DSM through the DSM editor.

    I want to get the custom DemoDomain field by SDK ariel API. But the returned fields don't contain the DemoDomain field. How can I do this?
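The following is an added example, not code from the post or from the QPYLib project. It wraps a qpylib-style Ariel client (the real `qpylib.ariel.ArielSearch` exposes `search(query)` returning `(search_id, status)`, `status(search_id)` returning `(status, record_count)` and `results(search_id)` returning a dict; that interface is assumed here, as is `FakeArielSearch`, a constructed stand-in with constructed rows so the script runs outside a QRadar app). The point it demonstrates is that `SELECT *` only yields the built-in event columns; a custom event property such as `DemoDomain` has to be named explicitly, double-quoted, in the AQL `SELECT` list before it appears in the result rows. The log source id and time window are taken from the post; `build_aql`, `run_search` and `domains_from_events` are names chosen for this example.

```python
"""Poll an Ariel search through a qpylib-style client and read a custom event
property out of the rows.

Assumed client interface (matches qpylib.ariel.ArielSearch):
    search(aql)        -> (search_id, status)
    status(search_id)  -> (status, record_count)
    results(search_id) -> {"events": [ {...}, ... ]}
FakeArielSearch below is a constructed stand-in used when qpylib is absent.
"""
import time

try:
    from qpylib.ariel import ArielSearch  # available inside a QRadar app
except ImportError:  # running outside QRadar, e.g. on a developer machine
    ArielSearch = None

CUSTOM_PROPERTY = "DemoDomain"  # the custom property defined in the DSM editor


def build_aql(log_source_id, start, stop, custom_property=CUSTOM_PROPERTY, limit=2000000):
    """Build the AQL. SELECT * returns only built-in columns, so the custom
    property is named explicitly (double-quoted) next to the star."""
    return (
        f'SELECT *, "{custom_property}" FROM events '
        f"WHERE logsourceid in ({int(log_source_id)}) LIMIT {int(limit)} "
        f"START ('{start}') STOP ('{stop}')"
    )


def run_search(client, aql, poll_interval=1.0, timeout=60.0):
    """Submit the AQL, poll until the search is COMPLETED, return the event rows."""
    search_id, status = client.search(aql)
    deadline = time.monotonic() + timeout
    while status != "COMPLETED":
        if status in ("CANCELED", "ERROR"):
            raise RuntimeError(f"search {search_id} ended with status {status}")
        if time.monotonic() > deadline:
            raise TimeoutError(f"search {search_id} still {status} after {timeout}s")
        time.sleep(poll_interval)
        status, _record_count = client.status(search_id)
    return client.results(search_id).get("events", [])


def domains_from_events(events, custom_property=CUSTOM_PROPERTY):
    """Return (sourceip, destinationip, custom value) per row; the value is
    None when the column is absent or the property did not parse for that event."""
    return [(e.get("sourceip"), e.get("destinationip"), e.get(custom_property)) for e in events]


class FakeArielSearch:
    """Constructed stand-in for qpylib.ariel.ArielSearch. The first status poll
    reports EXECUTE, the second COMPLETED, and the custom column is only present
    in the rows when the submitted AQL names it, mirroring the real behaviour."""

    def __init__(self):
        self._queries = {}
        self._polls = {}

    def search(self, query):
        search_id = f"fake-{len(self._queries) + 1}"  # constructed id
        self._queries[search_id] = query
        self._polls[search_id] = 0
        return search_id, "WAIT"

    def status(self, search_id):
        self._polls[search_id] += 1
        return ("COMPLETED" if self._polls[search_id] >= 2 else "EXECUTE"), 2

    def results(self, search_id):
        rows = [  # constructed sample rows shaped like the post's result
            {"starttime": 1716801297718, "logsourceid": 167, "sourceip": "10.43.176.219",
             "destinationip": "58.221.49.81", "destinationport": 80, CUSTOM_PROPERTY: "example.com"},
            {"starttime": 1716801300000, "logsourceid": 167, "sourceip": "10.43.176.220",
             "destinationip": "58.221.49.82", "destinationport": 443, CUSTOM_PROPERTY: None},
        ]
        if f'"{CUSTOM_PROPERTY}"' not in self._queries[search_id]:
            rows = [{k: v for k, v in r.items() if k != CUSTOM_PROPERTY} for r in rows]
        return {"events": rows}


if __name__ == "__main__":
    client = ArielSearch() if ArielSearch else FakeArielSearch()
    aql = build_aql(167, "2024-05-28 01:00", "2024-05-28 02:00")
    for row in domains_from_events(run_search(client, aql, poll_interval=0.0)):
        print(row)
```

Inside a QRadar app the `ArielSearch()` branch is taken and the same polling loop runs against the live Ariel endpoints; the second constructed row shows why the consumer has to tolerate `None`, since a custom property that was selected but did not match the event's payload comes back as a null column rather than being omitted.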