Software Secure Workload

Download flows available through Live Analysis

This API endpoint returns the list of flows matching the filter criteria. Each flow object in the result has attributes that are the union of the live analysis dimensions (returned by the live analysis dimensions API) and the live analysis metrics (returned by the live analysis metrics API). Optionally, the caller can request only a small subset of dimensions or metrics when the full set is not needed. Projecting a smaller subset of dimensions or metrics also has the side effect of making the API call faster, since less data is assembled and returned per flow.

POST /openapi/v1/live_analysis/{application_id}

The JSON query body consists of the following keys:

Key Name | Type | Description
--- | --- | ---
t0 | integer or string | Start of time interval (epoch or ISO 8601)
t1 | integer or string | End of time interval (epoch or ISO 8601)
filter | JSON | Query filter. If the filter is empty (that is, {}), the query matches all flows. Refer to the section on Filters in Flow Search for the filter syntax.
dimensions | array | (optional) List of flow dimensions to be returned for the downloaded flows available through Live Analysis. If unspecified, all available dimensions are returned.
metrics | array | (optional) List of flow metrics to be returned for the downloaded flows available through Live Analysis.
limit | integer | (optional) Number of flows to be returned in a single API response.
offset | string | (optional) Offset received from the previous response, used for pagination.

The body of the request should be a JSON formatted query. An example of a query body is shown below.


  
    {
        "t0": "2016-06-17T09:00:00-0700",
        "t1": "2016-06-17T17:00:00-0700",
        "filter": {
            "type": "and",
            "filters": [
                {
                    "type": "contains",
                    "field": "category",
                    "value": "escaped"
                },
                {
                    "type": "in",
                    "field": "dst_port",
                    "values": ["80", "443"]
                }
            ]
        },
        "limit": 100,
        "offset": <offset-object>
    }


The response is a JSON object in the body with the following properties:

Key | Value
--- | ---
offset | Response offset to be passed for the next page of results
results | List of results

To retrieve the next page of results, take the offset object received in the response and pass it as the value of the offset key in the next query. A response without an offset means there are no further pages.

Sample Python code

    import json

    # restclient is a tetpyclient RestClient instance created earlier in these docs,
    # and application_id holds the id of the application scope being queried.
    req_payload = {"t0": "2016-11-07T09:00:00-0700",
                   "t1": "2016-11-07T19:00:00-0700",
                   "limit": 10,
                   "filter": {"type": "and",
                              "filters": [
                                  {"type": "contains", "field": "category", "value": "escaped"},
                                  {"type": "regex", "field": "src_hostname", "value": "web*"}
                              ]
                   }
    }

    # The application id must be substituted into the path; a literal "{application_id}"
    # in the URL would not address any application.
    resp = restclient.post('/live_analysis/{application_id}'.format(application_id=application_id),
                           json_body=json.dumps(req_payload))
    print(resp.status_code)
    if resp.status_code == 200:
        parsed_resp = json.loads(resp.content)
        print(json.dumps(parsed_resp, indent=4, sort_keys=True))
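The sample above fetches a single page. The following is an added example, not code from the original page or from the Secure Workload client library, showing the pagination loop the offset key implies: each response's offset is fed into the next request until the server stops returning one, and the optional dimensions projection is applied. Because it must run offline, it uses a constructed in-memory stand-in for the endpoint (FakeLiveAnalysisServer, whose offset encoding and sample flows are invented here); against the real API you would pass a tetpyclient RestClient's post method and a real application id in place of the placeholders.

```python
import json


class FakeResponse:
    """Minimal stand-in for the response object the REST client returns."""

    def __init__(self, status_code, content):
        self.status_code = status_code
        self.content = content


class FakeLiveAnalysisServer:
    """Constructed stand-in for the live_analysis endpoint (not the real API).
    Serves an in-memory flow list in pages of `limit`, returns an opaque offset
    string for the next page, and honours the optional `dimensions` projection."""

    def __init__(self, flows):
        self.flows = flows
        self.calls = 0  # number of POSTs made, i.e. pages fetched

    def post(self, path, json_body):
        self.calls += 1
        query = json.loads(json_body)
        if "t0" not in query or "t1" not in query or "filter" not in query:
            return FakeResponse(400, json.dumps({"error": "t0, t1 and filter are required"}))
        # The offset is opaque to the client; this fake happens to encode the next index in it.
        start = int(query["offset"].split(":")[1]) if query.get("offset") else 0
        limit = int(query.get("limit", 100))
        page = self.flows[start:start + limit]
        dims = query.get("dimensions")
        if dims:
            page = [{k: v for k, v in flow.items() if k in dims} for flow in page]
        end = start + limit
        next_offset = "page:%d" % end if end < len(self.flows) else None
        return FakeResponse(200, json.dumps({"offset": next_offset, "results": page}))


def build_query(t0, t1, flow_filter, dimensions=None, metrics=None, limit=100):
    """Assemble the request body from the keys listed in the table above."""
    query = {"t0": t0, "t1": t1,
             "filter": flow_filter if flow_filter is not None else {},
             "limit": limit}
    if dimensions:
        query["dimensions"] = list(dimensions)
    if metrics:
        query["metrics"] = list(metrics)
    return query


def iter_live_analysis_flows(post, application_id, query, max_pages=1000):
    """Yield every flow matching `query`, passing each response's offset into the
    next request until the server returns no offset. `post` is any callable with
    the RestClient.post(path, json_body=...) shape."""
    path = "/live_analysis/%s" % application_id
    body = dict(query)
    for _ in range(max_pages):
        resp = post(path, json_body=json.dumps(body))
        if resp.status_code != 200:
            raise RuntimeError("live_analysis query failed: HTTP %d" % resp.status_code)
        parsed = json.loads(resp.content)
        for flow in parsed.get("results", []):
            yield flow
        offset = parsed.get("offset")
        if not offset:
            return
        body["offset"] = offset
    raise RuntimeError("gave up after %d pages; offset never became empty" % max_pages)


# Constructed sample data: 25 flows with a few dimensions and one metric each.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.0.%d" % (i + 1), "dst_port": "443" if i % 2 else "80",
     "category": "escaped", "fwd_pkts": 10 + i}
    for i in range(25)
]


def fetch_all(flows=SAMPLE_FLOWS, dimensions=None, limit=10):
    """Run the pagination loop against the fake server; returns (flows, page_count)."""
    server = FakeLiveAnalysisServer(flows)
    query = build_query("2016-11-07T09:00:00-0700", "2016-11-07T19:00:00-0700",
                        {"type": "in", "field": "dst_port", "values": ["80", "443"]},
                        dimensions=dimensions, limit=limit)
    results = list(iter_live_analysis_flows(server.post, "app-id-placeholder", query))
    return results, server.calls


if __name__ == "__main__":
    flows, pages = fetch_all(dimensions=["src_ip", "dst_port"])
    print("%d flows over %d pages; first: %s" % (len(flows), pages, json.dumps(flows[0])))
```

The max_pages bound is deliberate: a client that trusts the offset unconditionally will loop forever if a server ever returns the same offset twice, so the loop fails loudly instead. With 25 sample flows and a limit of 10 the loop makes three requests, and requesting only src_ip and dst_port strips the category and fwd_pkts attributes from every returned flow.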