From 56d07f25895278d3ae433833509838b72c559742 Mon Sep 17 00:00:00 2001 From: Andy Wick Date: Sat, 23 Nov 2024 12:06:44 -0500 Subject: [PATCH] new docs --- _wiki/api_cont3xt_docs.md | 1 + _wiki/api_viewer_docs.md | 166 +++++++++++++++----------------------- _wiki/install.md | 2 + 3 files changed, 66 insertions(+), 103 deletions(-) diff --git a/_wiki/api_cont3xt_docs.md b/_wiki/api_cont3xt_docs.md index 06d7f10..6d51307 100644 --- a/_wiki/api_cont3xt_docs.md +++ b/_wiki/api_cont3xt_docs.md @@ -662,6 +662,7 @@ The settings for an integration for the logged in user | Param | Type | Description | | --- | --- | --- | | globalConfiged | boolean | Whether integration is configured globally across cont3xt users or by this user (if a user has changed the settings for an integration, this if false) | +| locked | boolean | Whether integration is locked. Locked integrations use the globally configured settings. Users cannot update locked integrations. Any previously configured settings for locked integrations will be ignored in favor of the global configuration. | | homePage | string | The link to the home page for this integration so a user can learn more | | settings | object | The setting field definitions for this integration | | values | object | The values that map to the setting fields for this integration (empty object if not set) | diff --git a/_wiki/api_viewer_docs.md b/_wiki/api_viewer_docs.md index aa70f69..9cca977 100644 --- a/_wiki/api_viewer_docs.md +++ b/_wiki/api_viewer_docs.md @@ -404,20 +404,6 @@ Gets a list of PCAP files that Arkime knows about. | recordsTotal | number| The total number of files Arkime knows about | | recordsFiltered | number| The number of files returned in this result | - - -## /:nodeName/:fileNum/filesize API - -GET - /api/:nodeName/:fileNum/filesize - -Retrieves the filesize of a PCAP file. - -**Returns**: - -| Name | Type | Description | -| --- | --- | --- | -| filesize | number| The size of the file ( | - ## /valueactions API @@ -1551,6 +1537,21 @@ Include OpenSearch/Elasticsearch node by ip or name (admin only). | success | boolean| Whether include node operation was successful. | | text | string| The success/error message to (optionally) display to the user. | + + +## /esshards/:index/:shard/delete API + +POST - /api/esshards/:index/:shard/delete + +Delete OpenSearch/Elasticsearch (admin only). + +**Returns**: + +| Name | Type | Description | +| --- | --- | --- | +| success | boolean| Whether include node operation was successful. | +| text | string| The success/error message to (optionally) display to the user. | + ## /esrecovery API @@ -1637,126 +1638,69 @@ Updates an Arkime user's settings. | success | boolean| Whether the update user settings operation was successful. | | text | string| The success/error message to (optionally) display to the user. | - + -## /user/columns API +## /user/layouts/:type API -GET - /api/user/columns +GET - /api/user/layouts/:type -Retrieves user configured custom Sessions column configurations. +Retrieves a user configured layouts. +Valid layouts are: sessionstable, sessionsinfofields, spiview **Returns**: | Name | Type | Description | | --- | --- | --- | -| columnConfigs | [Array.<ArkimeColumnConfig>](#ArkimeColumnConfig)| The custom Sessions column configurations. | +| layout | Array| The user configured layout | - + -## /user/column API +## /user/layouts/:type API -POST - /api/user/column +POST - /api/user/layouts/:type -Creates a new user configured custom Sessions column configuration. +Creates a new user configured layout. +Valid layouts are: sessionstable, sessionsinfofields, spiview **Returns**: | Name | Type | Description | | --- | --- | --- | -| success | boolean| Whether the create column configuration operation was successful. | -| text | string| The success/error message to (optionally) display to the user. | -| name | string| The name of the new custom Sessions column configuration. | - - - -## /user/column/:name API - -PUT - /api/user/column/:name - -Updates a user configured custom Sessions column configuration. - -**Returns**: - -| Name | Type | Description | -| --- | --- | --- | -| success | boolean| Whether the update column configuration operation was successful. | -| text | string| The success/error message to (optionally) display to the user. | -| colConfig | [ArkimeColumnConfig](#ArkimeColumnConfig)| The udpated custom Sessions column configuration. | - - - -## /user/column/:name API - -DELETE - /api/user/column/:name - -Deletes a user configured custom Sessions column configuration. - -**Returns**: - -| Name | Type | Description | -| --- | --- | --- | -| success | boolean| Whether the delete Sessions column configuration operation was successful. | -| text | string| The success/error message to (optionally) display to the user. | - - - -## /user/spiview API - -GET - /api/user/spiview - -Retrieves a user configured SPI View fields configuration. - -**Returns**: - -| Name | Type | Description | -| --- | --- | --- | -| spiviewFieldConfigs | Array| User configured SPI View field configuration. | - - - -## /user/spiview API - -POST - /api/user/spiview - -Create a user configured SPI View fields configuration. - -**Returns**: - -| Name | Type | Description | -| --- | --- | --- | -| success | boolean| Whether the update SPI View fields configuration operation was successful. | +| success | boolean| Whether the operation was successful. | | text | string| The success/error message to (optionally) display to the user. | -| name | string| The name of the new SPI View fields configuration. | +| layout | object| The new layout configuration. | - + -## /user/spiview/:name API +## /user/layouts/:type API -PUT - /api/user/spiview/:name +PUT - /api/user/layouts/:type -Updates a user configured SPI View fields configuration. +Updates a user configured layout. +Valid layouts are: sessionstable, sessionsinfofields, spiview **Returns**: | Name | Type | Description | | --- | --- | --- | -| success | boolean| Whether the update SPI View fields configuration operation was successful. | +| success | boolean| Whether the update layout operation was successful. | | text | string| The success/error message to (optionally) display to the user. | -| colConfig | object| The udpated SPI View fields configuration. | +| layout | object| The updated layout configuration. | - + -## /user/spiview/:name API +## /user/layouts/:type/:name API -DELETE - /api/user/spiview/:name +DELETE - /api/user/layouts/:type/:name -Deletes a user configured SPI View fields configuration. +Deletes a user configured layout. +Valid layouts are: sessionstable, sessionsinfofields, spiview **Returns**: | Name | Type | Description | | --- | --- | --- | -| success | boolean| Whether the delete SPI View fields configuration operation was successful. | +| success | boolean| Whether the delete layout operation was successful. | | text | string| The success/error message to (optionally) display to the user. | @@ -1809,7 +1753,7 @@ Updates or creates a user table state object. These are used to save the states GET - /api/user/config/:page -Fetches the configuration information for a UI page for a user. +Fetches the configuration/layout information for a UI page for a user. **Returns**: @@ -2099,7 +2043,7 @@ The user object. | disablePcapDownload | boolean | false | Do not allow this user to download PCAP files. | | expression | string | | An Arkime search expression that is silently added to all queries. Useful to limit what data a user can access (e.g. which nodes or IPs). | | settings | [ArkimeSettings](#ArkimeSettings) | | The Arkime app settings. | -| notifiers | object | | A list of notifiers taht the user can use. | +| notifiers | object | | A list of notifiers that the user can use. | | columnConfigs | object | | A list of sessions table column configurations that a user has created. | | spiviewFieldConfigs | object | | A list of SPIView page field configurations that a user has created. | | tableStates | object | | A list of table states used to render Arkime tables as the user has configured them. | @@ -2123,7 +2067,7 @@ The settings object. | timezone | string | "local" | The timezone applied to timestamps within the UI. | | detailFormat | string | "last" | The format to display the session packets. Options include: last used, natural, ascii, utf-8, hex. | | showTimestamps | string | "last" | Whether to display timestamps at the top of each packet. | -| sortColumn | string | "firstPacket" | Which column to sort the sesssions table by default. Default is start time. | +| sortColumn | string | "firstPacket" | Which column to sort the sessions table by default. Default is start time. | | sortDirection | string | "desc" | Whether to sort the sessions table ascending or descending. | | spiGraph | string | "node" | The default field to show spigraph data for. | | connSrcField | string | "source.ip" | The default connections graph source node field. | @@ -2132,11 +2076,12 @@ The settings object. | theme | string | "default-theme" | The color theme to apply to the UI. Can be a name of a predefined field or a list of color codes if using a custom theme. | | manualQuery | boolean | false | Whether to load the sessions data by default or wait for a user to hit search manually. | | timelineDataFilters | array | ['network.packets','network.bytes','totDataBytes' | The filters to display on the sessions timeline graph to change the graphs data. | +| hideTags | string | "\"\"" | A comma separated list of tags to hide from sessions | | logo | string | | The optionally configurable logo to show in the top navbar. | - + -## ArkimeColumnConfig Type +## ArkimeColumnLayout Type A sessions table view that can be applied. @@ -2145,9 +2090,24 @@ A sessions table view that can be applied. | Param | Type | Default | Description | | --- | --- | --- | --- | +| name | string | | The name of the column configuration. | | order | Array.<Array> | [["firstPacket","desc"] | What to sort the Sessions table by. The table is sorted by the first item in the array first, then the second, and so on. Each element in the array includes first the sort field followed by whether to sort descending (["firstPacket", "desc"]). | | visibleHeaders | Array | ["firstPacket","lastPacket","src","source.port","dst","destination.port","network.packets","dbby","node" | The list of Sessions table columns. | + + +## ArkimeInfoColumnLayout Type + +A sessions info view that can be applied. + + +**Parameters**: + +| Param | Type | Default | Description | +| --- | --- | --- | --- | +| name | string | | The name of the info column configuration. | +| fields | Array | ["firstPacket","lastPacket","src","source.port","dst","destination.port","network.packets","dbby","node" | The list of Sessions table columns. | + ## ArkimeView Type @@ -2161,7 +2121,7 @@ A database view that can be applied to any search. | --- | --- | --- | | name | string | The name of the view. | | expression | string | The search expression to filter sessions. | -| sessionsColConfig | [ArkimeColumnConfig](#ArkimeColumnConfig) | The Sessions column configuration to apply to the Sessions table when applying the view. | +| sessionsColConfig | ArkimeColumnConfig | The Sessions column configuration to apply to the Sessions table when applying the view. | | user | string | The user ID of the user who created the view. | | users | string | The list of userIds who have access to use this view. | | roles | Array.<string> | The list of roles who have access to use this view. | diff --git a/_wiki/install.md b/_wiki/install.md index 88fd172..47f6715 100644 --- a/_wiki/install.md +++ b/_wiki/install.md @@ -25,6 +25,8 @@ It is possible to run both the database and sensors on the same machine, however If you are interested in how many and types of machines you need for your environment, please see our [hardware estimators](https://arkime.com/estimators). +If you want to use an Arkime container instead of installing on a Linux machine, please see our [docker guide](https://arkime.com/docker). + # Linux Distribution {: .section-header }