Optional additionalAdditional filters appended to the query at evaluation time.
Optional additionalA container for additional, undeclared properties. This is a holder for any undeclared properties as specified with the 'additionalProperties' keyword in the OAS document.
Optional aggregationThe aggregation type.
Optional correlatedFields used to correlate results across queries in sequence detection rules.
Optional correlatedZero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9.
Optional customCustom query extension used to refine the base query.
Optional dataSource of events, either logs, audit trail, security signals, or Datadog events. app_sec_spans is deprecated in favor of spans.
Optional datasetIDs of reference datasets used by this query.
Optional distinctField for which the cardinality is measured. Sent as an array.
Optional groupFields to group by.
Optional hasWhen false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with N/A, replacing the missing values.
Optional indexIndex used to load the data for this query.
Optional indexesIndexes used to load the data for this query. Mutually exclusive with index.
Optional metricsGroup of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.
Optional nameName of the query.
Optional queryQuery to run on logs.
Optional queryLanguage used to parse the query string.
Generated using TypeDoc
Query for selecting logs analyzed by the historical job.