queries

Creates, updates, deletes, gets or lists a queries resource.

Overview

Name	queries
Type	Resource
Id	cloudflare.cloudforce_one.queries

Fields

The following fields are returned by SELECT queries:

get

Returns the event query.

Name	Datatype	Description
id	integer	Unique identifier for the saved query
name	string	Name of the saved query
account_id	integer	Account ID
custom_threat_feed_id	integer	Intel Indicator Feed ID (numeric)
rule_list_id	string	WAF rules list ID for blocking
alert_enabled	boolean	Whether alerts are enabled
alert_rollup_enabled	boolean	Whether alert rollup is enabled
created_at	string	Creation timestamp
query_json	string	JSON string containing the query parameters
rule_enabled	boolean	Whether rule is enabled
rule_scope	string	Scope for the rule
updated_at	string	Last update timestamp
user_email	string	Email of the user who created the query

list

Returns a list of event queries.

Name	Datatype	Description
id	integer	Unique identifier for the saved query
name	string	Name of the saved query
account_id	integer	Account ID
custom_threat_feed_id	integer	Intel Indicator Feed ID (numeric)
rule_list_id	string	WAF rules list ID for blocking
alert_enabled	boolean	Whether alerts are enabled
alert_rollup_enabled	boolean	Whether alert rollup is enabled
created_at	string	Creation timestamp
query_json	string	JSON string containing the query parameters
rule_enabled	boolean	Whether rule is enabled
rule_scope	string	Scope for the rule
updated_at	string	Last update timestamp
user_email	string	Email of the user who created the query

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
get	select	account_id, query_id		Retrieve a saved event query by its ID
list	select	account_id		Retrieve all saved event queries for the account
post_event_query_update	insert	account_id, query_id		Update an existing saved event query by its ID
patch_event_query_update	update	account_id, query_id		Update an existing saved event query by its ID
delete_event_query_delete	delete	account_id, query_id		Delete a saved event query by its ID
create	exec	account_id, name, query_json, alert_enabled, alert_rollup_enabled, rule_enabled		Create a new saved event query for the account

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
account_id	string	The Cloudflare account ID.
query_id	integer	Event query ID

SELECT examples

get

Retrieve a saved event query by its ID

SELECT
id,
name,
account_id,
custom_threat_feed_id,
rule_list_id,
alert_enabled,
alert_rollup_enabled,
created_at,
query_json,
rule_enabled,
rule_scope,
updated_at,
user_email
FROM cloudflare.cloudforce_one.queries
WHERE account_id = '{{ account_id }}' -- required
AND query_id = '{{ query_id }}' -- required
;

list

Retrieve all saved event queries for the account

SELECT
id,
name,
account_id,
custom_threat_feed_id,
rule_list_id,
alert_enabled,
alert_rollup_enabled,
created_at,
query_json,
rule_enabled,
rule_scope,
updated_at,
user_email
FROM cloudflare.cloudforce_one.queries
WHERE account_id = '{{ account_id }}' -- required
;

INSERT examples

post_event_query_update

Update an existing saved event query by its ID

INSERT INTO cloudflare.cloudforce_one.queries (
alert_enabled,
alert_rollup_enabled,
name,
query_json,
rule_enabled,
rule_scope,
account_id,
query_id
)
SELECT 
{{ alert_enabled }},
{{ alert_rollup_enabled }},
'{{ name }}',
'{{ query_json }}',
{{ rule_enabled }},
'{{ rule_scope }}',
'{{ account_id }}',
'{{ query_id }}'
RETURNING
id,
name,
account_id,
custom_threat_feed_id,
rule_list_id,
alert_enabled,
alert_rollup_enabled,
created_at,
query_json,
rule_enabled,
rule_scope,
updated_at,
user_email
;

Manifest

# Description fields are for documentation purposes
- name: queries
props:
  - name: account_id
    value: "{{ account_id }}"
    description: Required parameter for the queries resource.
  - name: query_id
    value: {{ query_id }}
    description: Required parameter for the queries resource.
  - name: alert_enabled
    value: {{ alert_enabled }}
    description: |
      Enable alerts for this query
  - name: alert_rollup_enabled
    value: {{ alert_rollup_enabled }}
    description: |
      Enable alert rollup for this query
  - name: name
    value: "{{ name }}"
    description: |
      Unique name for the saved query
  - name: query_json
    value: "{{ query_json }}"
    description: |
      JSON string containing the query parameters
  - name: rule_enabled
    value: {{ rule_enabled }}
    description: |
      Enable rule for this query
  - name: rule_scope
    value: "{{ rule_scope }}"
    description: |
      Scope for the rule

UPDATE examples

patch_event_query_update

Update an existing saved event query by its ID

UPDATE cloudflare.cloudforce_one.queries
SET 
alert_enabled = {{ alert_enabled }},
alert_rollup_enabled = {{ alert_rollup_enabled }},
name = '{{ name }}',
query_json = '{{ query_json }}',
rule_enabled = {{ rule_enabled }},
rule_scope = '{{ rule_scope }}'
WHERE 
account_id = '{{ account_id }}' --required
AND query_id = '{{ query_id }}' --required
RETURNING
id,
name,
account_id,
custom_threat_feed_id,
rule_list_id,
alert_enabled,
alert_rollup_enabled,
created_at,
query_json,
rule_enabled,
rule_scope,
updated_at,
user_email;

DELETE examples

delete_event_query_delete

Delete a saved event query by its ID

DELETE FROM cloudflare.cloudforce_one.queries
WHERE account_id = '{{ account_id }}' --required
AND query_id = '{{ query_id }}' --required
;

Lifecycle Methods

create

Create a new saved event query for the account

EXEC cloudflare.cloudforce_one.queries.create 
@account_id='{{ account_id }}' --required 
@@json=
'{
"alert_enabled": {{ alert_enabled }}, 
"alert_rollup_enabled": {{ alert_rollup_enabled }}, 
"name": "{{ name }}", 
"query_json": "{{ query_json }}", 
"rule_enabled": {{ rule_enabled }}, 
"rule_scope": "{{ rule_scope }}"
}'
;