Skip to main content

Perform a Search Query Aggregation

Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to Paginating Search Queries for more information about how to implement searchAfter paging.

Query Parameters
  • offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

  • limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
  • count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
Request Body required
  • indices string[]

    Possible values: [accessprofiles, accountactivities, entitlements, events, identities, roles, *]

    The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.

  • queryType string

    Possible values: [DSL, SAILPOINT, TYPEAHEAD]

    Default value: SAILPOINT

    The type of query to use. By default, the SAILPOINT query type is used, which requires the query object to be defined in the request body. To use the queryDsl or typeAheadQuery objects in the request, you must set the type to DSL or TYPEAHEAD accordingly. Additional values may be added in the future without notice.

  • queryVersion object

    Default value: 5.2

    The current Elasticserver version.

  • query object

    Query parameters used to construct an Elasticsearch query object.

  • query string

    The query using the Elasticsearch Query String Query syntax from the Query DSL extended by SailPoint to support Nested queries.

  • fields string[]

    The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.

  • timeZone string

    The time zone to be applied to any range query related to dates.

  • innerHit object

    The innerHit query object returns a flattened list of results for the specified nested type.

  • query string required

    The search query using the Elasticsearch Query String Query syntax from the Query DSL extended by SailPoint to support Nested queries.

  • type string required

    The nested type to use in the inner hits query. The nested type Nested Type refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.

  • queryDsl object

    The search query using the Elasticsearch Query DSL syntax.

  • typeAheadQuery object

    Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job."

  • query string required

    The type ahead query string used to construct a phrase prefix match query.

  • field string required

    The field on which to perform the type ahead search.

  • nestedType string

    The nested type.

  • maxExpansions int32

    Possible values: >= 1 and <= 1000

    Default value: 10

    The number of suffixes the last term will be expanded into. Influences the performance of the query and the number results returned. Valid values: 1 to 1000.

  • includeNested boolean

    Default value: true

    Indicates whether nested objects from returned search results should be included.

  • queryResultFilter object

    Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.

  • includes string[]

    The list of field names to include in the result documents.

  • excludes string[]

    The list of field names to exclude from the result documents.

  • aggregationType string

    Possible values: [DSL, SAILPOINT]

    Default value: DSL

    Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.

    Additional values may be added in the future without notice.

  • aggregationsVersion object

    Default value: 5.2

    The current Elasticserver version.

  • aggregationsDsl object

    The aggregation search query using Elasticsearch Aggregations syntax.

  • aggregations object
  • nested object

    The nested aggregation object.

  • name string required

    The name of the nested aggregate to be included in the result.

  • type string required

    The type of the nested object.

  • metric object

    The calculation done on the results of the query

  • name string required

    The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.

  • type string

    Possible values: [COUNT, UNIQUE_COUNT, AVG, SUM, MEDIAN, MIN, MAX]

    Default value: UNIQUE_COUNT

    Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.

  • field string required

    The field the calculation is performed on.

    Prefix the field name with '@' to reference a nested object.

  • filter object

    An additional filter to constrain the results of the search query.

  • name string required

    The name of the filter aggregate to be included in the result.

  • type string

    Possible values: [TERM]

    Default value: TERM

    Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.

  • field string required

    The search field to apply the filter to.

    Prefix the field name with '@' to reference a nested object.

  • value string required

    The value to filter on.

  • bucket object

    The bucket to group the results of the aggregation query by.

  • name string required

    The name of the bucket aggregate to be included in the result.

  • type string

    Possible values: [TERMS]

    Default value: TERMS

    Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.

  • field string required

    The field to bucket on. Prefix the field name with '@' to reference a nested object.

  • size int32

    Maximum number of buckets to include.

  • minDocCount int32

    Minimum number of documents a bucket should have.

  • subAggregation object

    Aggregation to be performed on the result of the parent bucket aggregation.

  • nested object

    The nested aggregation object.

  • name string required

    The name of the nested aggregate to be included in the result.

  • type string required

    The type of the nested object.

  • metric object

    The calculation done on the results of the query

  • name string required

    The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.

  • type string

    Possible values: [COUNT, UNIQUE_COUNT, AVG, SUM, MEDIAN, MIN, MAX]

    Default value: UNIQUE_COUNT

    Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.

  • field string required

    The field the calculation is performed on.

    Prefix the field name with '@' to reference a nested object.

  • filter object

    An additional filter to constrain the results of the search query.

  • name string required

    The name of the filter aggregate to be included in the result.

  • type string

    Possible values: [TERM]

    Default value: TERM

    Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.

  • field string required

    The search field to apply the filter to.

    Prefix the field name with '@' to reference a nested object.

  • value string required

    The value to filter on.

  • bucket object

    The bucket to group the results of the aggregation query by.

  • name string required

    The name of the bucket aggregate to be included in the result.

  • type string

    Possible values: [TERMS]

    Default value: TERMS

    Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.

  • field string required

    The field to bucket on. Prefix the field name with '@' to reference a nested object.

  • size int32

    Maximum number of buckets to include.

  • minDocCount int32

    Minimum number of documents a bucket should have.

  • subAggregation object

    Aggregation to be performed on the result of the parent bucket aggregation.

  • nested object

    The nested aggregation object.

  • name string required

    The name of the nested aggregate to be included in the result.

  • type string required

    The type of the nested object.

  • metric object

    The calculation done on the results of the query

  • name string required

    The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.

  • type string

    Possible values: [COUNT, UNIQUE_COUNT, AVG, SUM, MEDIAN, MIN, MAX]

    Default value: UNIQUE_COUNT

    Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.

  • field string required

    The field the calculation is performed on.

    Prefix the field name with '@' to reference a nested object.

  • filter object

    An additional filter to constrain the results of the search query.

  • name string required

    The name of the filter aggregate to be included in the result.

  • type string

    Possible values: [TERM]

    Default value: TERM

    Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.

  • field string required

    The search field to apply the filter to.

    Prefix the field name with '@' to reference a nested object.

  • value string required

    The value to filter on.

  • bucket object

    The bucket to group the results of the aggregation query by.

  • name string required

    The name of the bucket aggregate to be included in the result.

  • type string

    Possible values: [TERMS]

    Default value: TERMS

    Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.

  • field string required

    The field to bucket on. Prefix the field name with '@' to reference a nested object.

  • size int32

    Maximum number of buckets to include.

  • minDocCount int32

    Minimum number of documents a bucket should have.

  • sort string[]

    The fields to be used to sort the search results. Use + or - to specify the sort direction.

  • searchAfter string[]

    Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]

  • filters object

    The filters to be applied for each filtered field name.

  • property name* object
Responses

Aggregation results.

Response Headers
  • X-Total-Count integer
    Example: 5

    The total result count (returned only if the count parameter is specified as true).


Schema
  • aggregations object

    The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run.

    See Elasticsearch Aggregations documentation for information.

  • hits object[]

    The results of the aggregation search query.

    oneOf

  • id string
  • name string
  • _type string

    Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

    Enum representing the currently supported document types.

    Additional values may be added in the future without notice.

  • description string

    The description of the access item

  • created date-time

    A date-time in ISO-8601 format

  • modified date-time

    A date-time in ISO-8601 format

  • synced date-time

    A date-time in ISO-8601 format

  • enabled boolean
  • requestable boolean

    Indicates if the access can be requested

  • requestCommentsRequired boolean

    Indicates if comments are required when requesting access

  • owner object
  • id string
  • name string
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • email string

    The email of the identity

  • source object
  • id string
  • name string
  • entitlements object[]
  • id string
  • name string
  • description string

    A description of the entitlement

  • attribute string

    The name of the entitlement attribute

  • value string

    The value of the entitlement

  • entitlementCount integer
  • tags string[]
Loading...