Analytics

Fields

get

Values that can be used for the field parameter in subsequent API calls

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

contextstring · enumRequired

Context of the Fields Request

Possible values:

Responses

200

An object which contains response metadata information and a data array of Fields.

application/json

400

Bad Request. Typically due to a malformatted JSON body, or parameter values are not validating.

application/json

401

Access token is missing or invalid

application/json

403

Access is forbidden

application/json

default

Unknown Error Occurred

application/json

get

/api/v1/stats/{context}/fields

GET /api/v1/stats/{context}/fields HTTP/1.1
Host: api.netography.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "meta": {
    "code": 200,
    "count": 1
  },
  "data": []
}

Aliases

get

Values that can be used for the field parameter in subsequent search API calls. Aliases are shortcuts for searching multiple fields of a similar nomenclature. Examples:

ip == 8.8.8.8 will be interpolated to create a search of (dstip = 8.8.8.8 or srcip = 8.8.8.8)
ipname == myipname will create a search of (dstipname = myipname or srcipname = myipname)
as.number will search the fields dstas.number, dstowneras.number, srcas.number, and srcowneras.number

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

contextstring · enumRequired

Context of the Fields Request, e.g. flow

Possible values:

Responses

200

An object which contains response metadata information and a data array of Fields.

application/json

400

Bad Request. Typically due to a malformatted JSON body, or parameter values are not validating.

application/json

401

Access token is missing or invalid

application/json

403

Access is forbidden

application/json

default

Unknown Error Occurred

application/json

get

/api/v1/stats/{context}/aliases

GET /api/v1/stats/{context}/aliases HTTP/1.1
Host: api.netography.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "meta": {
    "code": 200,
    "count": 1
  },
  "data": []
}

Metrics

get

Values that can be used for the metric parameter in subsequent search API calls

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

contextstring · enumRequired

Context of the Metrics Request

Possible values:

Responses

200

An object which contains response metadata information and a data array of Fields.

application/json

400

Bad Request. Typically due to a malformatted JSON body, or parameter values are not validating.

application/json

401

Access token is missing or invalid

application/json

403

Access is forbidden

application/json

default

Unknown Error Occurred

application/json

get

/api/v1/stats/{context}/metrics

GET /api/v1/stats/{context}/metrics HTTP/1.1
Host: api.netography.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "meta": {
    "code": 200,
    "count": 1
  },
  "data": []
}

Time Series

post

Request data as a time series. This is used for charts and graphs.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

contextstring · enumRequired

Data category or event type to query (e.g., alerts, audit logs, blocked traffic, network flows, DNS queries)

Possible values:

Body

startintegerRequired

Start time for this time series. Negative for lookback (Eg. -3600 for 1 hour ago) or timestamp in milliseconds.

Example: -3600

endintegerRequired

End time for this time series. Negative for lookback (Eg. -3600 for 1 hour ago), 0 for NOW or timestamp in milliseconds.

Example: 3600

formatstring · enumOptional

Series data can be provided in a variety of formats which are native to some charting libraries. e.g. amcharts or highcharts

Default: highchartsExample: highchartsPossible values:

Responses

200

An object which contains response metadata information and a data object containing the Time Series array.

application/json

400

Bad Request. Typically due to a malformatted JSON body, or parameter values are not validating.

application/json

401

Access token is missing or invalid

application/json

403

Access is forbidden

application/json

default

Unknown Error Occurred

application/json

post

/api/v1/stats/{context}/ts

POST /api/v1/stats/{context}/ts HTTP/1.1
Host: api.netography.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 263

{
  "start": -3600,
  "end": 3600,
  "format": "highcharts",
  "series": [
    {
      "name": "my-series-name",
      "field": [
        "dstip",
        "dstport"
      ],
      "field_separator": "||",
      "interval": 5,
      "ipagg": {
        "cidr": 8,
        "field": "text"
      },
      "metric": "flowrate",
      "search": [
        "dstip == 192.168.0.0/16"
      ],
      "size": 10,
      "sort": "asc"
    }
  ]
}

{
  "meta": {
    "code": 200,
    "count": 1
  },
  "data": [
    {
      "data": [
        {
          "key": "10.0.18.80",
          "value": 10669651
        }
      ]
    }
  ]
}

Aggregations

post

Get summarized statistics by aggregating data for the specified context over a given time range. Returns computed metrics like counts, sums, averages, etc. rather than individual events.

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Path parameters

contextstring · enumRequired

Data category or event type to query (e.g., alerts, audit logs, blocked traffic, network flows, DNS queries)

Possible values:

Body

startintegerRequired

Start time for this time series. Negative for lookback (Eg. -3600 for 1 hour ago) or timestamp in milliseconds.

Example: -3600

endintegerRequired

End time for this time series. Negative for lookback (Eg. -3600 for 1 hour ago), 0 for NOW or timestamp in milliseconds.

Example: 0

formatstring · enumOptional

Series data can be provided in a variety of formats which are native to some charting libraries. e.g. amcharts or highcharts

Default: highchartsExample: highchartsPossible values:

Responses

200

An object which contains response metadata information and a data object containing the Aggregation array.

application/json

400

Bad Request. Typically due to a malformatted JSON body, or parameter values are not validating.

application/json

401

Access token is missing or invalid

application/json

403

Access is forbidden

application/json

default

Unknown Error Occurred

application/json

post

/api/v1/stats/{context}/agg

POST /api/v1/stats/{context}/agg HTTP/1.1
Host: api.netography.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 259

{
  "start": -3600,
  "end": 0,
  "format": "highcharts",
  "series": [
    {
      "name": "my-agg-name",
      "field": [
        "dstip",
        "dstport"
      ],
      "field_separator": "||",
      "interval": 5,
      "ipagg": {
        "cidr": 8,
        "field": "srcip"
      },
      "metric": "flowrate",
      "search": [
        "dstip == 192.168.0.0/16"
      ],
      "size": 10,
      "sort": "desc"
    }
  ]
}

{
  "meta": {
    "code": 200,
    "count": 1
  },
  "data": [
    {
      "interval": "10m",
      "label": "srcip",
      "metric": "flows",
      "name": "srcip",
      "series": "flow-agg-test",
      "data": [
        {
          "key": "10.0.18.80",
          "value": 10669651
        }
      ]
    }
  ]
}

PreviousAuthentication NextRaw Records Search

Last updated 8 hours ago

Good evening

Fields

Aliases

Metrics

Time Series

Aggregations