/*
* CrowdStrike API Specification
*
* Use this API specification as a reference for the API endpoints you can use to interact with your Falcon environment. These endpoints support authentication via OAuth2 and interact with detections and network containment. For detailed usage guides and examples, see our [documentation inside the Falcon console](https://falcon.crowdstrike.com/support/documentation). To use the APIs described below, combine the base URL with the path shown for each API endpoint. For commercial cloud customers, your base URL is `https://api.crowdstrike.com`. Each API endpoint requires authorization via an OAuth2 token. Your first API request should retrieve an OAuth2 token using the `oauth2/token` endpoint, such as `https://api.crowdstrike.com/oauth2/token`. For subsequent requests, include the OAuth2 token in an HTTP authorization header. Tokens expire after 30 minutes, after which you should make a new token request to continue making API requests.
*
* The version of the OpenAPI document: rolling
*
* Generated by: https://openapi-generator.tech
*/
use crate::models;
/// Request body describing one aggregate query over alerts.
///
/// Every field except `max_doc_count` and `min_doc_count` is required: none of
/// them carries `#[serde(default)]`, so deserialization fails when one is absent.
/// The two optional counters are left out of serialized output while they are `None`.
///
/// The type is a plain data carrier. It performs no validation, escaping or range
/// checking on any field; whatever the caller stores is what gets serialized.
//
// NOTE(review): `Debug` is derived, so `{:?}` prints `filter` and `q` in full.
// Keep that in mind if requests are written to logs — query text may carry
// host, user or tenant identifiers (depends on the caller; confirm).
#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
pub struct DetectsapiAggregateAlertQueryRequest {
    /// Date ranges; applies to `date_range` aggregations.
    #[serde(rename = "date_ranges")]
    pub date_ranges: Vec<models::MsaDateRangeSpec>,

    /// Post-filtering on queried fields: values to exclude.
    #[serde(rename = "exclude")]
    pub exclude: String,

    /// Field to aggregate on; applies, for example, to `date_histogram` and
    /// range aggregations.
    #[serde(rename = "field")]
    pub field: String,

    /// FQL query specifying the filter parameters.
    //
    // NOTE(review): stored and serialized verbatim. If any part of the
    // expression is assembled from untrusted input, validate or escape it
    // before building the request; this type will not do it.
    #[serde(rename = "filter")]
    pub filter: String,

    /// Offset used in bucket sort aggregations.
    //
    // NOTE(review): signed type, so negative offsets are representable;
    // no range check happens here.
    #[serde(rename = "from")]
    pub from: i32,

    /// Post-filtering on queried fields: values to include.
    #[serde(rename = "include")]
    pub include: String,

    /// Interval; applies, for example, to `date_histogram` aggregations (uses
    /// `calendar_interval`). Possible values: year, month, week, day, hour, minute.
    #[serde(rename = "interval")]
    pub interval: String,

    /// Only return terms that match fewer than a configured number of hits.
    #[serde(rename = "max_doc_count", skip_serializing_if = "Option::is_none")]
    pub max_doc_count: Option<i64>,

    /// Only return terms that match more than a configured number of hits.
    #[serde(rename = "min_doc_count", skip_serializing_if = "Option::is_none")]
    pub min_doc_count: Option<i64>,

    /// Value to use for a missing term field, i.e. what the query should
    /// return when a document does not have the queried field.
    #[serde(rename = "missing")]
    pub missing: String,

    /// Name of the aggregate query.
    #[serde(rename = "name")]
    pub name: String,

    /// Full-text query.
    //
    // NOTE(review): passed through verbatim, same caveat as `filter`.
    #[serde(rename = "q")]
    pub q: String,

    /// Ranges; applies to range aggregations.
    #[serde(rename = "ranges")]
    pub ranges: Vec<models::MsaRangeSpec>,

    /// How many term buckets should be returned.
    //
    // NOTE(review): signed and unbounded at this layer; any upper limit is
    // enforced elsewhere, if at all.
    #[serde(rename = "size")]
    pub size: i32,

    /// Sort spec, e.g. `'pattern_id|desc'`.
    #[serde(rename = "sort")]
    pub sort: String,

    /// Nested aggregate alert queries.
    //
    // NOTE(review): the type is recursive and sets no bound on nesting depth
    // or list length. When deserializing from an untrusted source, any limit
    // has to come from the deserializer or from a check in the caller.
    #[serde(rename = "sub_aggregates")]
    pub sub_aggregates: Vec<models::DetectsapiAggregateAlertQueryRequest>,

    /// Time zone to use when bucketing results.
    #[serde(rename = "time_zone")]
    pub time_zone: String,

    /// Aggregation type. Datastore-supported value types: term, terms,
    /// date_histogram, facet, range, cardinality. The exact allowed values are
    /// specific to the endpoint.
    #[serde(rename = "type")]
    pub r#type: String,
}
impl DetectsapiAggregateAlertQueryRequest {
    /// Creates a request from all required fields.
    ///
    /// Each argument is moved into the field of the same name unchanged; nothing
    /// is validated, trimmed or escaped here. The optional `max_doc_count` and
    /// `min_doc_count` fields start as `None` and can be assigned afterwards.
    pub fn new(
        date_ranges: Vec<models::MsaDateRangeSpec>,
        exclude: String,
        field: String,
        filter: String,
        from: i32,
        include: String,
        interval: String,
        missing: String,
        name: String,
        q: String,
        ranges: Vec<models::MsaRangeSpec>,
        size: i32,
        sort: String,
        sub_aggregates: Vec<models::DetectsapiAggregateAlertQueryRequest>,
        time_zone: String,
        r#type: String,
    ) -> DetectsapiAggregateAlertQueryRequest {
        Self {
            // Optional hit-count thresholds are not constructor arguments.
            // While `None`, `skip_serializing_if` on the struct keeps them out
            // of the serialized body.
            max_doc_count: None,
            min_doc_count: None,

            // Aggregation selection and naming.
            name,
            r#type,
            field,
            interval,
            time_zone,
            missing,

            // Query text and post-filters, stored as given.
            filter,
            q,
            include,
            exclude,

            // Bucketing, paging and ordering.
            date_ranges,
            ranges,
            from,
            size,
            sort,

            // Nested aggregations.
            sub_aggregates,
        }
    }
}