/*
* CrowdStrike API Specification
*
* Use this API specification as a reference for the API endpoints you can use to interact with your Falcon environment. These endpoints support authentication via OAuth2 and interact with detections and network containment. For detailed usage guides and examples, see our [documentation inside the Falcon console](https://falcon.crowdstrike.com/support/documentation). To use the APIs described below, combine the base URL with the path shown for each API endpoint. For commercial cloud customers, your base URL is `https://api.crowdstrike.com`. Each API endpoint requires authorization via an OAuth2 token. Your first API request should retrieve an OAuth2 token using the `oauth2/token` endpoint, such as `https://api.crowdstrike.com/oauth2/token`. For subsequent requests, include the OAuth2 token in an HTTP authorization header. Tokens expire after 30 minutes, after which you should make a new token request to continue making API requests.
*
* The version of the OpenAPI document: rolling
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
/// Input model for a query job: a required CQL query string plus optional
/// time-range, time-zone, bucketing and live-query settings.
///
/// Every `Option` field carries `skip_serializing_if = "Option::is_none"`, so
/// unset fields are left out of the serialized JSON; `queryString` is always
/// written. JSON keys are camelCase via `serde(rename)`.
// NOTE(review): `query_string` is sent as-is and this model performs no
// validation. If any part of the query comes from untrusted input, callers
// should not splice it into the string; presumably `arguments` is the
// parameter channel for that — confirm against the API documentation.
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct ApiQueryJobInput {
    /// Enables some LogScale functions, such as head() and tail(), to stop processing all data in the selected timeframe and exit the query early
    #[serde(rename = "allowEventSkipping", skip_serializing_if = "Option::is_none")]
    pub allow_event_skipping: Option<bool>,
    /// JSON blob with the values for parameters defined in the query
    #[serde(rename = "arguments", skip_serializing_if = "Option::is_none")]
    pub arguments: Option<serde_json::Value>,
    /// Optional `around` settings, boxed; see [`models::ApiQueryJobAroundInput`] for its fields
    #[serde(rename = "around", skip_serializing_if = "Option::is_none")]
    pub around: Option<Box<models::ApiQueryJobAroundInput>>,
    /// The number of buckets the system should create during live query searches, when no other explicit bucketing aggregate is specified
    #[serde(rename = "autobucketCount", skip_serializing_if = "Option::is_none")]
    pub autobucket_count: Option<i64>,
    /// The date and time to use as the ending point of the search results
    #[serde(rename = "end", skip_serializing_if = "Option::is_none")]
    pub end: Option<String>,
    /// The end date and time applied for @ingesttimestamp
    #[serde(rename = "ingestEnd", skip_serializing_if = "Option::is_none")]
    pub ingest_end: Option<String>,
    /// The start date and time applied for @ingesttimestamp
    // NOTE(review): the generated text here repeated the "end" wording of
    // `ingest_end`; "start" is inferred from the field name — confirm upstream.
    #[serde(rename = "ingestStart", skip_serializing_if = "Option::is_none")]
    pub ingest_start: Option<String>,
    /// Sets whether this query is live. Defaults to false. Live queries are continuously updated.
    #[serde(rename = "isLive", skip_serializing_if = "Option::is_none")]
    pub is_live: Option<bool>,
    /// The CQL query to use for the search (required; always serialized)
    #[serde(rename = "queryString")]
    pub query_string: String,
    /// The date and time to use as the starting point of the search results
    #[serde(rename = "start", skip_serializing_if = "Option::is_none")]
    pub start: Option<String>,
    /// The time zone to use if start and end times are not specified in milliseconds, e.g. UTC
    #[serde(rename = "timeZone", skip_serializing_if = "Option::is_none")]
    pub time_zone: Option<String>,
    /// A positive or negative number representing how many minutes a given time zone is ahead or behind Coordinated Universal Time (UTC)
    #[serde(
        rename = "timeZoneOffsetMinutes",
        skip_serializing_if = "Option::is_none"
    )]
    pub time_zone_offset_minutes: Option<i64>,
    /// When set to true, the event’s ingestStart and ingestEnd times are used as the basis for the query timespan rather than the start and end timestamps
    #[serde(rename = "useIngestTime", skip_serializing_if = "Option::is_none")]
    pub use_ingest_time: Option<bool>,
}
impl ApiQueryJobInput {
    /// Builds a query-job input from the required CQL `query_string`.
    ///
    /// Every optional field starts as `None`, so only `queryString` appears in
    /// the serialized JSON until the caller sets further fields.
    ///
    /// The string is stored unchanged; no validation or escaping happens here.
    pub fn new(query_string: String) -> ApiQueryJobInput {
        // The derived `Default` yields `None` for each `Option` field, which
        // matches spelling them out one by one.
        Self {
            query_string,
            ..Default::default()
        }
    }
}