WSS Download API syntax: Retrieve Older Data Query
Article ID: 244225
Updated On:
Products
Issue/Introduction
As an administrator, I would like to know how to find the epoch millisecond filenames and use the Download API.
Environment
Cloud SWG formerly known as (Web Security Service)
Download API
Resolution
You can use the API to retrieve any number of days or hours as far back as data retention allows. Epoch milliseconds are expected to be the start of the hour or the start of the day. If you supply middle epoch milliseconds, they are rounded back to the beginning of that hour or day (depending on the given parameter). The Download API does not have any size or time limit. The API continues to stream the data until it is complete. The API does not return the current hour and the previous hour.
The API downloads a ZIP archive that contains a collection of compressed text-based log lines (GZIPs). The events use the ELFF format. The Download API provides only whole-hour files. The simple file name format specifies the year, month, day, and hour of each GZIP hour file. The hour, minute, and second fields are still provided in the name, but they are comprised of zeros.
You can use https://www.
Input:
Output:
Generate an API Key:
Query:
- Where api_username and api_password are the credentials that were generated in the Token.
- Where epoch is the log file name. For example: 1635249600000,1635253200000.
Use the following syntax if you are using the URL Parameters method:
https://portal.threatpulse.com/reportpod/logs/download?apiUsername=API_USERNAME&apiPassword=API_PASSWORD&type=hour&items=1652313600000,1652317200000,1652320800000,1652324400000,1652328000000,1652331600000,1652335200000,1652338800000,1652342400000,1652346000000,1652349600000,1652353200000,1652356800000,1652360400000,1652364000000,1652367600000,1652371200000,1652374800000,1652378400000,1652382000000,1652385600000,1652389200000,1652392800000,1652396400000
Feedback
