{ "$schema": "https://json-structure.org/meta/core/v0/#", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-access-insights-api-data-resource-query-structure.json", "name": "DataResourceQuery", "description": "Query parameters for a data resource request", "type": "object", "properties": { "query": { "type": "object", "description": "Query definition including filters and time range", "properties": { "properties": { "type": "object", "description": "Property filters for the query", "properties": { "time_range": { "type": "object", "description": "Time range specification for the query", "properties": { "type": { "type": "string", "description": "Type of time range (absolute or relative)", "enum": [ "ABSOLUTE", "RELATIVE" ] }, "value": { "type": "object", "description": "Time range value (required for ABSOLUTE type)", "properties": { "from": { "type": "datetime", "description": "Start of the time range (ISO 8601)" }, "to": { "type": "datetime", "description": "End of the time range (ISO 8601)" } } }, "last": { "type": "object", "description": "Relative time range (required for RELATIVE type)", "properties": { "units": { "type": "string", "description": "Unit of time for relative range", "enum": [ "HOURS", "DAYS", "WEEKS" ] }, "value": { "type": "int32", "description": "Number of units for relative range" } } } }, "required": [ "type" ] }, "filter": { "type": "object", "description": "Filter criteria for the data resource query", "properties": { "operator": { "type": "string", "description": "Logical operator for combining filter rules", "enum": [ "AND", "OR" ] }, "rules": { "type": "array", "description": "List of filter rules", "items": { "type": "object", "properties": { "property": { "type": "string", "description": "Property name to filter on" }, "operator": { "type": "string", "description": "Comparison operator", "enum": [ "equals", "not_equals", "contains", "in", "not_in", "greater_than", "less_than" ] }, "values": { "type": "array", "description": "Values to match against", "items": { "type": "string" } } } } } } } } } } }, "count": { "type": "int32", "description": "Maximum number of results to return", "minimum": 1, "maximum": 1000, "default": 100 }, "histogram": { "type": "object", "description": "Histogram aggregation configuration", "properties": { "property": { "type": "string", "description": "Property to aggregate over" }, "enabledGranularity": { "type": "string", "description": "Time granularity for histogram buckets", "enum": [ "15_MIN", "1_HOUR", "1_DAY" ] } } }, "group_by": { "type": "array", "description": "Properties to group results by", "items": { "type": "string" } }, "sort": { "type": "object", "description": "Sort configuration for results", "properties": { "order": { "type": "string", "enum": [ "asc", "desc" ] }, "property": { "type": "string" } } } } }