Get JCEventCount - TheJumpCloud/support GitHub Wiki
Query the API for a count of matching events
Get-JCEventCount -Service <String[]> -StartTime <DateTime> [-EndTime <DateTime>] [-Fields <String[]>]
[-Q <String>] [-SearchAfter <String[]>] [-SearchTermAnd <Hashtable>] [-SearchTermNot <Hashtable>]
[-SearchTermOr <Hashtable>] [-Sort <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Get-JCEventCount -Body <IEventQuery> [-WhatIf] [-Confirm] [<CommonParameters>]
Query the API for a count of matching events
Get-JCEventCount -Service:('all') -StartTime:((Get-date).AddDays(-30))
Pull all event records from a specified time and count the results
Get-JCEventCount -Service:('sso') -StartTime:('2020-04-14T00:00:00Z')
Pull all SSO event records from a specified time and count the results
Get-JCEventCount -Service:('all') -StartTime:('2020-04-14T00:00:00Z') -EndTime:('2020-04-20T23:00:00Z') -SearchTermAnd @{"event_type" = "admin_login_attempt"; "resource.email" = "[email protected]"}
Get all events counts between a date range and match event_type = admin_login_attempt and resource.email = [email protected]
Get-JCEventCount -Service:('directory') -StartTime:((Get-date).AddDays(-30)) -searchTermAnd:@{"event_type" = "group_create"}
Get only group_create event counts the last thirty days
EventQuery is the users' command to search our auth logs To construct, see NOTES section for BODY properties and create a hash table.
Type: JumpCloud.SDK.DirectoryInsights.Models.IEventQuery
Parameter Sets: Get
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: Falseoptional query end time, UTC in RFC3339 format
Type: System.DateTime
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: Falseoptional list of fields to return from query
Type: System.String[]
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: Falseoptional string for specifying a full text query
Type: System.String
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecific query to search after, see x-* response headers for next values
Type: System.String[]
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseTermConjunction represents a conjunction (and/or)NOTE: the validator limits what the operator can be, not the object for future-proof-ness and a list of sub-values
Type: System.Collections.Hashtable
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseTermConjunction represents a conjunction (and/or)NOTE: the validator limits what the operator can be, not the objectfor future-proof-nessand a list of sub-values
Type: System.Collections.Hashtable
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseTermConjunction represents a conjunction (and/or)NOTE: the validator limits what the operator can be, not the object for future-proof-ness and a list of sub-values
Type: System.Collections.Hashtable
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: Falseservice name to query. Known services: systems,radius,sso,directory,ldap,all
Type: System.String[]
Parameter Sets: GetExpanded
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseASC or DESC order for timestamp
Type: System.String
Parameter Sets: GetExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: Falsequery start time, UTC in RFC3339 format
Type: System.DateTime
Parameter Sets: GetExpanded
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODY <IEventQuery>: EventQuery is the users' command to search our auth logs Service <String[]>: service name to query. Known services: systems,radius,sso,directory,ldap,all StartTime <DateTime>: query start time, UTC in RFC3339 format [EndTime <DateTime?>]: optional query end time, UTC in RFC3339 format [Fields <String[]>]: optional list of fields to return from query [Limit <Int64?>]: Max number of rows to return [SearchAfter <String[]>]: Specific query to search after, see x-* response headers for next values [SearchTermAnd <ISearchTermAnd>]: list of event terms. If all terms match the event will be returned by the service. [(Any) <Object>]: This indicates any property can be added to this object. [SearchTermOr <ISearchTermOr>]: list of event terms. If any term matches, the event will be returned by the service. [(Any) <Object>]: This indicates any property can be added to this object. [Sort <String>]: ASC or DESC order for timestamp