I've tested the new APIs with my Unofficial API Collectors. You can check here for the specific part of the code where I use the new API to upload logs.

Hope this helps!

-mike

I think what you are looking for is:
https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.logTypes.logs/import

Hi,

I'm struggling to figure out the exact endpoint format for importing UDM events using the Google SecOps API. I've been looking at the documentation here: https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.events/import

The docs specify that the HTTP request should be: POST https://chronicle.googleapis.com/v1alpha/{parent}/events:import

https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.logTypes.logs/import

In that case, endpoint format was logTypes/{log_type}/logs:import like mentionned previously.

Could someone please help me understand what the correct format for the parent parameter should be for UDM event imports? Is it something like projects/{project}/locations/{location}/instances/{instance} or is there a different format?

Thanks in advance,

Here is some sample code that will be helpful: https://github.com/chronicle/api-samples-python/blob/efde6b579d14e188e8c5ea832935d3fbff00f1a6/ingestion/v1alpha/create_udm_events.py#L67

I've also got some work-in-progress on covering the logs:import endpoint:

Hi everyone,

Thank you all for your very helpful responses. I have looked at the sample code you shared, but I'm still having trouble getting the API to work.

 want to clarify that the log import works perfectly fine for me, but I'm encountering a 400 error: "Client Error: Bad Request" for the following URL when trying to import UDM events:

While it's not for UDM, we added raw log ingestion to the wrapper SDK: https://github.com/google/secops-wrapper?tab=readme-ov-file#log-ingestion