IDR API how to do Statistical/Groupby Search

jhuang1 · September 27, 2023, 8:15pm

I’m planning to utilize the API to process some data, but I’m unsure about how to execute a LEQL query (including the calculate / groupby) through the API.

In the official documentation, there is mention of a query type called “Statistical Search,” but I couldn’t find any information on how to use it.

I would greatly appreciate it if someone could provide some hints or guidance.

https://docs.rapid7.com/insightidr/log-search-api/

sean_o_brien3 · September 28, 2023, 10:00am

Hi, the groupby/calc is part of the query param and can be just appended directly there as a string. Eg query=where(x)groupby(y) does that help?

response then is with statistics as described here: https://docs.rapid7.com/insightidr/log-search-api/#operation/queryLogsetsByName!c=200&path=1/statistics&t=response