aggregate
Creates, updates, deletes, gets or lists an aggregate resource.
Overview
| Name | aggregate |
| Type | Resource |
| Id | cloudflare.cloudforce_one.aggregate |
Fields
The following fields are returned by SELECT queries:
- list
Returns aggregated event data.
| Name | Datatype | Description |
|---|---|---|
count | number | Number of events for this aggregation |
date | string | Date (if groupByDate is true) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | account_id | aggregateBy, datasetId, startDate, endDate, groupByDate, limit | Aggregate threat events by one or more columns (e.g., attacker, targetIndustry) with optional date filtering and daily grouping. Supports multi-dimensional aggregation for cross-analysis. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
aggregateBy | string | Column(s) to aggregate by - single column or comma-separated list (e.g., 'attacker', 'targetIndustry', 'attacker,targetIndustry') |
datasetId | array | Dataset ID(s) to filter by. Can be a single dataset ID, comma-separated list, or array. If not provided, uses default dataset |
endDate | string | End date for filtering (ISO 8601 format, e.g., '2024-12-31') |
groupByDate | boolean | Whether to group results by date (daily aggregation) |
limit | number | Maximum number of results to return |
startDate | string | Start date for filtering (ISO 8601 format, e.g., '2024-01-01') |
SELECT examples
- list
Aggregate threat events by one or more columns (e.g., attacker, targetIndustry) with optional date filtering and daily grouping. Supports multi-dimensional aggregation for cross-analysis.
SELECT
count,
date
FROM cloudflare.cloudforce_one.aggregate
WHERE account_id = '{{ account_id }}' -- required
AND aggregateBy = '{{ aggregateBy }}'
AND datasetId = '{{ datasetId }}'
AND startDate = '{{ startDate }}'
AND endDate = '{{ endDate }}'
AND groupByDate = '{{ groupByDate }}'
AND limit = '{{ limit }}'
;