Retrieve XQL query results with more than 1000 results.
Note: This endpoint only works on XQL queries initiated by /public_api/v1/xql/start_xql_query/.
Response is returned as chunked (Transfer-Encoding: chunked). To retrieve a compressed gzipped response (Content-Encoding: gzip), in your header add Accept-Encoding: gzip.
For more information on how to run XQL queries, see Running XQL Query APIs.
Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" -H "'Accept-Encoding: gzip' : " ": QuoteAcceptEncoding gzipQuote Double_Quote Double_Quote_example" \
"https://api-yourfqdn/public_api/v1/xql/get_query_results_stream" \
-d '{
"request_data" : {
"stream_id" : "563c5e24-===-9a1f8139d3c5",
"is_gzip_compressed" : true
}
}'
QuoteAcceptEncoding gzipQuote Double_Quote Double_Quote_example
Successful response
Bad Request. Got an invalid JSON.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. User does not have the required license type to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Internal server error. A unified status for API communication type errors.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}