-
Notifications
You must be signed in to change notification settings - Fork 19
Templates
Use report templates to run sets of simple, predefined search queries from the CLI. Reports are most useful when you don't care about the search results returned from a query and you only want to know the count of results.
This is an example of a report template:
[
{
"name": "provisioning-and-security",
"description": "All account unlocks in the tenant for a given time range",
"variables": [{"name": "days", "prompt": "Days before today"}],
"queries": [
{
"queryString": "(type:provisioning AND created:[now-{{days}}d TO now])",
"queryTitle": "Provisioning Events for the last {{days}} days"
},
{
"queryString": "(USER_UNLOCK_PASSED AND created:[now-{{days}}d TO now])",
"queryTitle": "User Unlocks for the last {{days}} days"
}
]
}
]This is the report template anatomy:
[
{
"name": "provisioning-and-security",This is the report template's name.
It displays in the template list when you run sail report.
You can also provide the name as an argument: sail report provisioning-and-security
"description": "All account unlocks in the tenant for a given time range",This is the report template's description.
It displays following the template name in the sail report list.
"variables": [{"name": "days", "prompt": "Days before today"}],Use variables to dynamically populate values in the following content during command run time.
For example, the variable in this template is configured so you can choose how many days back you want to search for provisioning-and-security events. When you run sail report provisioning-and-security, a prompt displays, Input Days before today: The number you enter will then populate anywhere the variable is used in the following object, and then the query runs.
"queries": [
{
"queryString": "(type:provisioning AND created:[now-{{days}}d TO now])",
"queryTitle": "Provisioning Events for the last {{days}} days"
},
{
"queryString": "(USER_UNLOCK_PASSED AND created:[now-{{days}}d TO now])",
"queryTitle": "User Unlocks for the last {{days}} days"
}
]
}
]This is a list of the queries that will run. Currently, the variables for days populate.
Use search templates to run predefined search queries from the CLI.
This is an example of a template file with 3 search templates populated:
[
{
"name": "all-account-unlocks",
"description": "All account unlocks in the tenant for a given time range",
"variables": [{"name": "days", "prompt": "Days before today"}],
"searchQuery": {
"indices": ["events"],
"queryType": null,
"queryVersion": null,
"query": {
"query": "(USER_UNLOCK_PASSED AND created:[now-{{days}}d TO now])"
},
"sort": [],
"searchAfter": []
}
},
{
"name": "all-provisioning-events",
"description": "All provisioning events in the tenant for a given time range",
"variables": [{"name": "days", "prompt": "Days before today"}],
"searchQuery": {
"indices": ["events"],
"queryType": null,
"queryVersion": null,
"query": {
"query": "(type:provisioning AND created:[now-{{days}}d TO now])"
},
"sort": [],
"searchAfter": []
}
},
{
"name": "all-provisioning-events-90-days",
"description": "All provisioning events in the tenant for a given time range",
"variables": [],
"searchQuery": {
"indices": ["events"],
"queryType": null,
"queryVersion": null,
"query": {
"query": "(type:provisioning AND created:[now-90d TO now])"
},
"sort": [],
"searchAfter": []
}
}
]This is the search template anatomy:
{
"name": "all-account-unlocks",This is the search template's name.
It displays in the template list when you run sail search template.
You can also provide this name as an argument: sail search template all-account-unlocks
"description": "All account unlocks in the tenant for a given time range"This is the search template's description.
It displays following the template name in the sail search template list.
"variables": [{"name": "days", "prompt": "Days before today"}],Use variables to dynamically populate values in the following content during command run time.
For example, the variable in this template is configured so you can choose how many days back you want to search for account unlock events. When you run sail search template all-account-unlocks, a prompt displays, Input Days before today: The number you enter will then populate anywhere the variable is used in the following object, and then the query runs.
"searchQuery": {
"indices": ["events"],
"queryType": null,
"queryVersion": null,
"query": {
"query": "(USER_UNLOCK_PASSED AND created:[now-{{days}}d TO now])" },
"sort": [], "searchAfter": []
}
}Everything inside this searchQuery object matches the standard format of an Identity Security Cloud search query. A limited number of examples are provided here, but the searchQuery object is mapped to the full search object. This means that you can add any search query values missing from this object.
Use SPConfig templates to perform complex import and export operations with Identity Security Cloud (ISC) configurations.
This is an example of a template file with one SPConfig template populated:
[
{
"name": "all-objects",
"description": "Export all available objects",
"variables": [],
"exportBody": {
"description": "Export all available objects",
"excludeTypes": [],
"includeTypes": [
"SOURCE",
"RULE",
"TRIGGER_SUBSCRIPTION",
"TRANSFORM",
"IDENTITY_PROFILE"
],
"objectOptions": {}
}
}
]This is the SPConfig template anatomy:
{
"name": "all-objects",This is the SPConfig template's name.
The SPConfig template name displays in the template list when you run sail spconfig template.
You can also provide this name as an argument: sail spconfig template all-objects
"description": "Export all available objects",This is the SPConfig template's description.
in the sail spconfig template list
"variables": [],Use variables to dynamically populate values in the following content during command run time.
"exportBody": {The following object matches that detailed in the API docs
"description": "Export all available objects",
"excludeTypes": [],
"includeTypes": [
"SOURCE",
"RULE",
"TRIGGER_SUBSCRIPTION",
"TRANSFORM",
"IDENTITY_PROFILE"
],
"objectOptions": {}
}
}
- API
-
Authentication
- Find your tenant's OAuth details
- Generate a personal access token
- Choose authorization grant flow
- Request access token with client credentials grant flow
- Request access token with authorization code grant flow
- Request access token with refresh token grant flow
- OAuth token response
- More Information
- Troubleshooting
- Clusters
- Connectors
- Getting Started
- Sanitize
- Search
- Set
- SPConfig
- Transforms
- VA
- Workflows
- Templates