Adds a new view as a virtual pane into one or more object groups. Views allow users to define how to explore and query the data with the ChaosSearch Search Analytics interface or through interfaces like the Elastic API.

To list or delete views, use the S3-style endpoints (/V1/). The Bucket endpoints currently require an AWS V4 signature.

Body Params
string
required

Specify a view name.

array of strings
required

Specify the view's source of data, which is a list of one or more object group names.

CAUTION: An empty array causes the view to use ALL object groups.

NOTE: The view name cannot be the same as an existing object group name.

sources*
string
required

An index pattern (regex) that matches and filters sources based on index names.

Example:

Object Group Name: foo
Resulting index names (for daily indexes):
_foo_2020-10-15_
_foo_2020-10-16_

Resulting index names:
_foo_
boolean
Defaults to false

Specifies whether searches against the view are case-sensitive (the default) or case-insensitive when matching values in the view.

Example:

row: {"Foo": "Bar"}

Searching for "Bar" is case-insensitive, but keys such as "Foo" are case-sensitive.

integer
Defaults to -1

A rolling time period that specifies the maximum time range of results for analytics against the view. For example, if the object group retains one month of data but the time range is 7 days, searches and visualizations return up to 7 days of data. The time window helps users stay within the relevant window of time for analytics, and can improve performance when searching against the index.

NOTE: The name "indexRetention" is not intended to imply that data outside the time range window might be deleted; the term relates to the view as a virtual object group.

array of objects
Defaults to

Specifies virtual transformations that are applied to data types in the indexed files. These virtual transformations can change or refine the nature of the data for analytics or visualization, without the overhead of re-indexing the data or changing the pipeline.

transforms
string

Contact ChaosSearch Support for assistance with filter definitions.

Example log:

{
  "system": "foo",
  "type": "elb-access",
  "stage": "staging"
}

The user is allowed to see all data where "system" = "foo" and "type" matches ".*(-access$)", but not data where "stage" = "production".

Example:

"filter": {
  "predicate": {
    "field": "attrs.Cluster",
    "query": "au-production",
    "state": {
      "_type": "chaossumo.query.QEP.Predicate.TextMatchState.Exact"
    },
    "_type": "chaossumo.query.NIRFrontend.Request.Predicate.TextMatch"
  }
}
string

Specifies the value to be used as a time-stamp. The indexed structure will have a list of values that can be used for this, but only TIMEVAL values can be used. This value will be chosen via the createView workflow.

boolean
Defaults to false

Flag to indicate whether query results against the view are being cached. When set to true, executing a query in Kibana that uses the same filters and time ranges can have better performance because the system can leverage the cached results from earlier analysis.

boolean
Defaults to false

Indicates whether to overwrite an existing view with the same name. The view name must be exactly the same, including letter case, for the view to be overwritten.

array of strings
Defaults to

Specifies a masking list of one or more view column names to omit from the list of columns in the Search Analytics and/or SQL Analytics filtering and results. Make sure that you specify the complete list of columns to mask in the createView call.

queryMaskedFields
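
The CAUTION on empty `sources`, the NOTE on view names and the reminder to send the complete mask list can all be checked before a request is submitted. The following is an added example, not ChaosSearch code: `lint_view` and the `sensitive_columns` inventory are hypothetical, the sample names are constructed, and only the `sources` and `queryMaskedFields` keys come from this page.

```python
"""Pre-flight lint for a createView body (added example, not ChaosSearch code)."""


def lint_view(view_name, body, object_groups, sensitive_columns=()):
    """Return a list of findings; an empty list means the body passed.

    view_name         -- name intended for the view (passed separately here)
    body              -- dict holding the 'sources' and 'queryMaskedFields' keys
    object_groups     -- names of object groups that already exist
    sensitive_columns -- hypothetical inventory of columns that must be masked
    """
    findings = []
    groups = set(object_groups)

    # NOTE on the page: a view may not share a name with an object group.
    if view_name in groups:
        findings.append(f"view name '{view_name}' collides with an object group")

    # CAUTION on the page: an empty array makes the view use ALL object groups.
    sources = body.get("sources")
    if not isinstance(sources, list) or not all(isinstance(s, str) for s in sources):
        findings.append("'sources' must be an array of strings")
    elif not sources:
        findings.append("'sources' is empty: the view would use ALL object groups")
    else:
        for name in sorted(set(sources) - groups):
            findings.append(f"source '{name}' is not a known object group")

    # The mask list must be complete in the createView call itself.
    masked = set(body.get("queryMaskedFields") or [])
    for column in sorted(set(sensitive_columns) - masked):
        findings.append(f"sensitive column '{column}' is not in 'queryMaskedFields'")

    return findings


# Constructed sample data.
GROUPS = ["elb-logs", "app-logs"]
SENSITIVE = ["client_ip", "user_email"]

if __name__ == "__main__":
    risky = {"sources": [], "queryMaskedFields": ["client_ip"]}
    for finding in lint_view("elb-logs", risky, GROUPS, SENSITIVE):
        print("FINDING:", finding)
```
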
Responses
200

Successful creation of view
