59 lines
2.2 KiB
PowerShell
59 lines
2.2 KiB
PowerShell
|
function Receive-GraylogSearchJob {
|
||
|
|
<#
|
||
|
|
.SYNOPSIS
|
||
|
|
Retrieves the results of a search job in Graylog.
|
||
|
|
.DESCRIPTION
|
||
|
|
Retrieves the results of a search job in Graylog using the provided SearchId, QueryId, and Filter
|
||
|
|
Alternatively, a PSCustomObject containing the SearchId, QueryId, and FilterId can be provided to retrieve the results.
|
||
|
|
.PARAMETER Job
|
||
|
|
A PSCustomObject containing the SearchId, QueryId, and FilterId of the search job. This parameter cannot be used with the other *Id parameters.
|
||
|
|
.PARAMETER SearchId
|
||
|
|
The ID of the search job to retrieve the results for.
|
||
|
|
.PARAMETER QueryId
|
||
|
|
The ID of the query to retrieve the results for.
|
||
|
|
.PARAMETER FilterId
|
||
|
|
The ID of the filter to retrieve the results for.
|
||
|
|
.OUTPUTS
|
||
|
|
The results of the search job.
|
||
|
|
.EXAMPLE
|
||
|
|
Receive-GraylogSearchJob -Job $Job
|
||
|
|
Retrieves the results of the search job using the provided PSCustomObject containing the SearchId, QueryId, and FilterId.
|
||
|
|
.EXAMPLE
|
||
|
|
Receive-GraylogSearchJob -SearchId "..." -QueryId "..." -FilterId ".."
|
||
|
|
Retrieves the results of the search job with the provided SearchId, QueryId, and FilterId.
|
||
|
|
.NOTES
|
||
|
|
The SearchId, QueryId, and FilterId are used to retrieve the results of the search job using the Receive-GraylogJob function.
|
||
|
|
These can either be provided as the Job parameter, or as individual parameters.
|
||
|
|
#>
|
||
|
|
param (
|
||
|
|
[Parameter(Mandatory, ParameterSetName="ByPSCustomObject", ValueFromPipeline, ValueFromRemainingArguments)]
|
||
|
|
[PSCustomObject]
|
||
|
|
$Job,
|
||
|
|
|
||
|
|
[Parameter(Mandatory={-NOT $Job}, ParameterSetName="ById")]
|
||
|
|
[string]
|
||
|
|
$SearchId,
|
||
|
|
|
||
|
|
[Parameter(Mandatory={-NOT $Job}, ParameterSetName="ById")]
|
||
|
|
[string]
|
||
|
|
$QueryId,
|
||
|
|
|
||
|
|
[Parameter(Mandatory={-NOT $Job}, ParameterSetName="ById")]
|
||
|
|
[string]
|
||
|
|
$FilterId
|
||
|
|
)
|
||
|
|
if ($PSCmdlet.ParameterSetName -eq "ByPSCustomObject") {
|
||
|
|
$SearchId = $Job.SearchId
|
||
|
|
$QueryId = $Job.QueryId
|
||
|
|
$FilterId = $Job.FilterId
|
||
|
|
}
|
||
|
|
$Body = ConvertTo-Json @{
|
||
|
|
global_override = @{ keep_queries = @($QueryId) }
|
||
|
|
parameter_bindings = @{}
|
||
|
|
}
|
||
|
|
$Response = Invoke-GraylogRequest POST "/views/search/$SearchId/execute" $Body
|
||
|
|
$Data = $Response.results.$QueryId.search_types.$FilterId
|
||
|
|
if ($Data.total_results -eq 0) { throw "No results found for the search job '$SearchId'." }
|
||
|
|
return $Data.messages.message
|
||
|
|
}
|