Topic
  • 1 reply
  • Latest Post - ‏2016-07-11T16:38:24Z by Jason Keirstead (IBM)
learningguardium
learningguardium
1 Post

Pinned topic Dateformat via API

‏2016-06-16T12:56:15Z | dateformat

Hello,

I am trying to run the following query via API, but I get an error. It runs fine via gui, is the dateformat function not supported via API?

[restapi_client]# /opt/qradar/api/bin/apiClientDir/restapi_client/arielquery.py --output csv --no_verify --query='SELECT "Instance (Guardium)", "DATEFORMAT(startTime,'YYYY-MM-d')" FROM events WHERE logSourceId = '6794' LAST 8 HOURS'
  InsecureRequestWarning)
The API returned HTTP code 422, 201 expected.
{
    "message": "Field \"DATEFORMAT(startTime,YYYY-MM-d)\" does not exist in catalog \"events\"\nstance (Guardium)\", \"DATEFORMAT(startTime\n                    ^",
    "code": 2000,
    "details": {
        "line_number": 1,
        "code": 28512,
        "reason": "FieldNotExist",
        "token_text": "DATEFORMAT(startTime,YYYY-MM-d)",
        "query_string": "SELECT \"Instance (Guardium)\", \"DATEFORMAT(startTime,YYYY-MM-d)\" FROM events WHERE logSourceId = 6794 LAST 8 HOURS",
        "start_index": 30
    },
    "http_response": {
        "message": "The request was well-formed but was unable to be followed due to semantic errors",
        "code": 422
    },
    "description": "The query_expression contains invalid AQL syntax."
}

 

  • Jason Keirstead (IBM)
    16 Posts

    Re: Dateformat via API

    ‏2016-07-11T16:38:24Z  

    The DATEFORMAT portion should not be encased in double-quotes, that is the issue.