google-cloud-chronicle-v1 0.5.0 → 0.7.0

data/proto_docs/google/cloud/chronicle/v1/dashboard_query.rb

@@ -0,0 +1,653 @@
+# frozen_string_literal: true
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module Chronicle
+      module V1
+        # DashboardQuery resource.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. Name of the dashboardQuery.
+        # @!attribute [rw] query
+        #   @return [::String]
+        #     Required. Search query string.
+        # @!attribute [rw] input
+        #   @return [::Google::Cloud::Chronicle::V1::DashboardQuery::Input]
+        #     Required. Inputs to the query.
+        # @!attribute [r] dashboard_chart
+        #   @return [::String]
+        #     Output only. DashboardChart this query belongs to.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. This checksum is computed by the server based on the value of
+        #     other fields, and may be sent on update and delete requests to ensure the
+        #     client has an up-to-date value before proceeding.
+        class DashboardQuery
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Input to the query like time window.
+          # @!attribute [rw] time_window
+          #   @return [::Google::Type::Interval]
+          #     time range to fetch the data for.
+          #
+          #     Note: The following fields are mutually exclusive: `time_window`, `relative_time`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] relative_time
+          #   @return [::Google::Cloud::Chronicle::V1::DashboardQuery::Input::RelativeTime]
+          #     time range for last x units.
+          #
+          #     Note: The following fields are mutually exclusive: `relative_time`, `time_window`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          class Input
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # time representation for last x units.
+            # @!attribute [rw] time_unit
+            #   @return [::Google::Cloud::Chronicle::V1::TimeUnit]
+            # @!attribute [rw] start_time_val
+            #   @return [::Integer]
+            class RelativeTime
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+        end
+
+        # Request message to get a dashboard query.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The name of the dashboardQuery to retrieve.
+        #     Format:
+        #     projects/\\{project}/locations/\\{location}/instances/\\{instance}/dashboardQueries/\\{query}
+        class GetDashboardQueryRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Request message to execute a dashboard query.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent, under which to run this dashboardQuery.
+        #     Format: projects/\\{project}/locations/\\{location}/instances/\\{instance}
+        # @!attribute [rw] query
+        #   @return [::Google::Cloud::Chronicle::V1::DashboardQuery]
+        #     Required. The query to execute and get results back for.
+        #     QueryID or 'query', 'input.time_window' fields will be used. Use
+        #     'native_dashboard' and 'dashboard_chart' fields if it is an in-dashboard
+        #     query.
+        # @!attribute [rw] filters
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::DashboardFilter>]
+        #     Optional. Dashboard level filters other than query string.
+        # @!attribute [rw] clear_cache
+        #   @return [::Boolean]
+        #     Optional. When true, the backend would read from the database, rather than
+        #     fetching data directly from the cache.
+        # @!attribute [rw] use_previous_time_range
+        #   @return [::Boolean]
+        #     Optional. When true, the backend will execute the query against the
+        #     previous time range of the query.
+        class ExecuteDashboardQueryRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Runtime error for a dashboard query.
+        # @!attribute [rw] error_title
+        #   @return [::String]
+        #     Short Description of the error.
+        # @!attribute [rw] error_description
+        #   @return [::String]
+        #     Error message
+        # @!attribute [rw] error_severity
+        #   @return [::Google::Cloud::Chronicle::V1::QueryRuntimeError::ErrorSeverity]
+        #     Severity of the error.
+        # @!attribute [rw] metadata
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::QueryRuntimeError::QueryRuntimeErrorMetadata>]
+        #     Metadata for the error.
+        # @!attribute [rw] warning_reason
+        #   @return [::Google::Cloud::Chronicle::V1::QueryRuntimeError::WarningReason]
+        #     Reason for the error.
+        class QueryRuntimeError
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Metadata for the error.
+          # @!attribute [rw] key
+          #   @return [::Google::Cloud::Chronicle::V1::QueryRuntimeError::MetadataKey]
+          #     Metadata key.
+          # @!attribute [rw] value
+          #   @return [::String]
+          #     Metadata value.
+          class QueryRuntimeErrorMetadata
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Based on ErrorSeverity, UI will choose to format the error differently.
+          module ErrorSeverity
+            # Severity is unknown.
+            ERROR_SEVERITY_UNSPECIFIED = 0
+
+            # Severity is warning.
+            WARNING = 1
+
+            # Error is severe.
+            SEVERE = 2
+          end
+
+          # Metadata enum to identify the metadata key.
+          module MetadataKey
+            # Key is unknown.
+            METADATA_KEY_UNSPECIFIED = 0
+
+            # Key is row limit.
+            ROW_LIMIT = 1
+          end
+
+          # Warning reason.
+          module WarningReason
+            # Reason is unknown.
+            WARNING_REASON_UNSPECIFIED = 0
+
+            # Reason is row limit exceeded.
+            ROW_LIMIT_EXCEEDED = 1
+
+            # Reason is default row limit exceeded.
+            DEFAULT_ROW_LIMIT_EXCEEDED = 2
+
+            # Reason is curated query default row limit exceeded.
+            CURATED_QUERY_DEFAULT_ROW_LIMIT_EXCEEDED = 3
+          end
+        end
+
+        # Response message for executing a dashboard query.
+        # @!attribute [rw] results
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::ExecuteDashboardQueryResponse::ColumnData>]
+        #     Result rows that are queried.
+        # @!attribute [rw] data_sources
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::DataSource>]
+        #     Datasource of the query and results.
+        # @!attribute [rw] last_backend_cache_refreshed_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Optional. Last time the cache was refreshed. This would be used by the UI
+        #     to show the last updated time.
+        # @!attribute [rw] time_window
+        #   @return [::Google::Type::Interval]
+        #     Time window against which query was executed.
+        # @!attribute [rw] query_runtime_errors
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::QueryRuntimeError>]
+        #     Runtime errors
+        # @!attribute [rw] language_features
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::LanguageFeature>]
+        #     Optional. Language features found in the query.
+        class ExecuteDashboardQueryResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # LINT.IfChange(stats_data)
+          # Value of the column based on data type.
+          # @!attribute [rw] null_val
+          #   @return [::Boolean]
+          #     True if the value is NULL.
+          #
+          #     Note: The following fields are mutually exclusive: `null_val`, `bool_val`, `bytes_val`, `double_val`, `int64_val`, `uint64_val`, `string_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] bool_val
+          #   @return [::Boolean]
+          #     Boolean value.
+          #
+          #     Note: The following fields are mutually exclusive: `bool_val`, `null_val`, `bytes_val`, `double_val`, `int64_val`, `uint64_val`, `string_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] bytes_val
+          #   @return [::String]
+          #     Bytes value.
+          #
+          #     Note: The following fields are mutually exclusive: `bytes_val`, `null_val`, `bool_val`, `double_val`, `int64_val`, `uint64_val`, `string_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] double_val
+          #   @return [::Float]
+          #     Double value.
+          #
+          #     Note: The following fields are mutually exclusive: `double_val`, `null_val`, `bool_val`, `bytes_val`, `int64_val`, `uint64_val`, `string_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] int64_val
+          #   @return [::Integer]
+          #     Integer value (signed).
+          #
+          #     Note: The following fields are mutually exclusive: `int64_val`, `null_val`, `bool_val`, `bytes_val`, `double_val`, `uint64_val`, `string_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] uint64_val
+          #   @return [::Integer]
+          #     Un-signed integer value.
+          #
+          #     Note: The following fields are mutually exclusive: `uint64_val`, `null_val`, `bool_val`, `bytes_val`, `double_val`, `int64_val`, `string_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] string_val
+          #   @return [::String]
+          #     String value. Enum values are returned as strings.
+          #
+          #     Note: The following fields are mutually exclusive: `string_val`, `null_val`, `bool_val`, `bytes_val`, `double_val`, `int64_val`, `uint64_val`, `timestamp_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] timestamp_val
+          #   @return [::Google::Protobuf::Timestamp]
+          #     Timestamp values. Does not handle `interval`.
+          #
+          #     Note: The following fields are mutually exclusive: `timestamp_val`, `null_val`, `bool_val`, `bytes_val`, `double_val`, `int64_val`, `uint64_val`, `string_val`, `date_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] date_val
+          #   @return [::Google::Type::Date]
+          #     Date values.
+          #
+          #     Note: The following fields are mutually exclusive: `date_val`, `null_val`, `bool_val`, `bytes_val`, `double_val`, `int64_val`, `uint64_val`, `string_val`, `timestamp_val`, `proto_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] proto_val
+          #   @return [::Google::Protobuf::Any]
+          #     For any proto values that are not any of the above.
+          #
+          #     Note: The following fields are mutually exclusive: `proto_val`, `null_val`, `bool_val`, `bytes_val`, `double_val`, `int64_val`, `uint64_val`, `string_val`, `timestamp_val`, `date_val`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] metadata
+          #   @return [::Google::Cloud::Chronicle::V1::ExecuteDashboardQueryResponse::ColumnValue::ValueMetadata]
+          class ColumnValue
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # @!attribute [rw] links
+            #   @return [::Array<::Google::Cloud::Chronicle::V1::InAppLink>]
+            #     "Auto" generated In-app links.
+            # @!attribute [rw] field_paths
+            #   @return [::Array<::String>]
+            # @!attribute [rw] timestamp_val
+            #   @return [::Google::Protobuf::Timestamp]
+            #     Timestamp value to store the timestamp for the case of the date and
+            #     time data type.
+            class ValueMetadata
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+
+          # Singular vs list of values in a column.
+          # @!attribute [rw] value
+          #   @return [::Google::Cloud::Chronicle::V1::ExecuteDashboardQueryResponse::ColumnValue]
+          #     Single value in a column.
+          #
+          #     Note: The following fields are mutually exclusive: `value`, `list`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] list
+          #   @return [::Google::Cloud::Chronicle::V1::ExecuteDashboardQueryResponse::ColumnType::List]
+          #     List of values in a column e.g. IPs
+          #
+          #     Note: The following fields are mutually exclusive: `list`, `value`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          class ColumnType
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Store list of values in a column.
+            # @!attribute [rw] values
+            #   @return [::Array<::Google::Cloud::Chronicle::V1::ExecuteDashboardQueryResponse::ColumnValue>]
+            class List
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+
+          # @!attribute [rw] column
+          #   @return [::String]
+          #     Used to store column names.
+          # @!attribute [rw] values
+          #   @return [::Array<::Google::Cloud::Chronicle::V1::ExecuteDashboardQueryResponse::ColumnType>]
+          #     To store column data.
+          # @!attribute [rw] metadata
+          #   @return [::Google::Cloud::Chronicle::V1::ColumnMetadata]
+          #     To store column metadata.
+          class ColumnData
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # Dashboard level filter that can be used in native dashboards as well as
+        # inputs to execute query.
+        # @!attribute [rw] id
+        #   @return [::String]
+        #     ID of the filter.
+        # @!attribute [rw] data_source
+        #   @return [::Google::Cloud::Chronicle::V1::DataSource]
+        #     Datasource the filter is applicable for.
+        # @!attribute [rw] field_path
+        #   @return [::String]
+        #     Filter field path.
+        # @!attribute [rw] filter_operator_and_field_values
+        #   @return [::Array<::Google::Cloud::Chronicle::V1::FilterOperatorAndValues>]
+        #     Operator and values. Can include multiple modifiers.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     Display name of the filter.
+        # @!attribute [rw] chart_ids
+        #   @return [::Array<::String>]
+        #     Chart IDs the filter is applicable for.
+        # @!attribute [rw] is_standard_time_range_filter
+        #   @return [::Boolean]
+        #     Optional. Whether the filter is a standard time range filter,
+        #     meaning that it has to be used as the query time range,
+        #     and not as a predicate in the query.
+        #     A chart can have at most one standard time range filter applied.
+        # @!attribute [rw] is_mandatory
+        #   @return [::Boolean]
+        #     Optional. Whether this filter is required to be populated by the
+        #     dashboard consumer prior to the dashboard loading.
+        # @!attribute [rw] is_standard_time_range_filter_enabled
+        #   @return [::Boolean]
+        #     Optional. Whether this standard time range filter is enabled.
+        # @!attribute [rw] advanced_filter_config
+        #   @return [::Google::Cloud::Chronicle::V1::AdvancedFilterConfig]
+        #     Optional. Advanced filter configuration for the filter widget.
+        class DashboardFilter
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # @!attribute [rw] filter_operator
+        #   @return [::Google::Cloud::Chronicle::V1::FilterOperator]
+        #     Operator for a single filter modifier.
+        # @!attribute [rw] field_values
+        #   @return [::Array<::String>]
+        #     Values for the modifier. All operators should have a single value other
+        #     than 'IN' and 'BETWEEN'. 'PAST' will have negative seconds
+        #     like -86400 is past 1 day.
+        class FilterOperatorAndValues
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Advanced filter configuration for the filter widget.
+        # @!attribute [rw] token
+        #   @return [::String]
+        #     Required. The token name to look for in the query (e.g., "hostname").
+        #     The system will automatically wrap this in '$' (e.g., "$hostname$").
+        # @!attribute [rw] prefix
+        #   @return [::String]
+        #     Optional. String to prepend to the final replaced value (e.g., "/", "^(",
+        #     "\"").
+        # @!attribute [rw] suffix
+        #   @return [::String]
+        #     Optional. String to append to the final replaced value (e.g., "/", ")$",
+        #     "\"").
+        # @!attribute [rw] separator
+        #   @return [::String]
+        #     Optional. Delimiter to join multiple selected values (e.g., "|", " OR field
+        #     = ").
+        # @!attribute [rw] multiple_allowed
+        #   @return [::Boolean]
+        #     Optional. Whether to allow selection of multiple values.
+        # @!attribute [rw] default_values
+        #   @return [::Array<::String>]
+        #     Optional. Default values to use if no value is selected/provided.
+        # @!attribute [rw] skip_default_affixes
+        #   @return [::Boolean]
+        #     Optional. Whether to skip the configured prefix and suffix when using
+        #     default values. If true, default values are inserted raw (joined by the
+        #     separator).
+        # @!attribute [rw] value_source
+        #   @return [::Google::Cloud::Chronicle::V1::AdvancedFilterConfig::ValueSource]
+        #     Required. Source of the values for the filter.
+        class AdvancedFilterConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Source of the values for the filter.
+          # @!attribute [rw] manual_options
+          #   @return [::Google::Cloud::Chronicle::V1::AdvancedFilterConfig::ManualOptions]
+          #     Optional. Manual options provided by the user.
+          #
+          #     Note: The following fields are mutually exclusive: `manual_options`, `query_options`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          # @!attribute [rw] query_options
+          #   @return [::Google::Cloud::Chronicle::V1::AdvancedFilterConfig::QueryOptions]
+          #     Optional. Query options to fetch the values from the query engine.
+          #     This is used for the filter's population query.
+          #
+          #     Note: The following fields are mutually exclusive: `query_options`, `manual_options`. If a field in that set is populated, all other fields in the set will automatically be cleared.
+          class ValueSource
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Manual options provided by the user.
+          # @!attribute [rw] options
+          #   @return [::Array<::String>]
+          #     Optional. The options provided by the user.
+          #     The max number of options is limited to 10000.
+          class ManualOptions
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Query options to fetch the values from the query engine.
+          # This is used for the filter's population query.
+          # @!attribute [rw] query
+          #   @return [::String]
+          #     Required. The query to execute to fetch the values.
+          # @!attribute [rw] column
+          #   @return [::String]
+          #     Required. The column name to use for the values.
+          # @!attribute [rw] global_time_filter_enabled
+          #   @return [::Boolean]
+          #     Optional. Enable global time filter
+          # @!attribute [rw] input
+          #   @return [::Google::Cloud::Chronicle::V1::DashboardQuery::Input]
+          #     Optional. Time range input specifically for the filter's population
+          #     query.
+          class QueryOptions
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # In app linking start
+        # @!attribute [rw] url
+        #   @return [::String]
+        #     URL to redirect to.
+        # @!attribute [rw] label
+        #   @return [::String]
+        #     Label for the link.
+        # @!attribute [rw] icon_url
+        #   @return [::String]
+        #     Icon url for the link.
+        class InAppLink
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Metadata of the column.
+        # @!attribute [rw] column
+        #   @return [::String]
+        #     Name of the column.
+        # @!attribute [rw] field_path
+        #   @return [::String]
+        #     Field path of the queried field, if any.
+        # @!attribute [rw] function_name
+        #   @return [::String]
+        #     Name of the function used to query the field, if any.
+        # @!attribute [rw] function_module
+        #   @return [::String]
+        #     Module of the function used to query the field, if any.
+        # @!attribute [rw] data_source
+        #   @return [::Google::Cloud::Chronicle::V1::DataSource]
+        #     Data source queried.
+        # @!attribute [rw] timestamp_metadata
+        #   @return [::Google::Cloud::Chronicle::V1::TimestampMetadata]
+        #     Timestamp Metadata
+        # @!attribute [rw] longitude
+        #   @return [::Boolean]
+        #     Whether the column is a longitude field.
+        # @!attribute [rw] latitude
+        #   @return [::Boolean]
+        #     Whether the column is a latitude field.
+        # @!attribute [rw] selected
+        #   @return [::Boolean]
+        #     Whether the column is selected in the final response.
+        # @!attribute [rw] unselected
+        #   @return [::Boolean]
+        #     Whether the column is unselected in the final response.
+        class ColumnMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Metadata of the timestamp column.
+        # @!attribute [rw] time_format
+        #   @return [::String]
+        #     Time format of the timestamp column.
+        # @!attribute [rw] time_zone
+        #   @return [::String]
+        #     Time zone of the timestamp column.
+        # @!attribute [rw] time_granularity
+        #   @return [::String]
+        #     Time granularity of the timestamp column.
+        # @!attribute [rw] is_sortable
+        #   @return [::Boolean]
+        #     Whether the timestamp column is sortable in UI.
+        # @!attribute [rw] is_interpolable
+        #   @return [::Boolean]
+        #     Whether the timestamp column is interpolable in UI.
+        class TimestampMetadata
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A language feature describes a specific capability or syntax of the query
+        # language used in a dashboard query, such as `JOINS`, `STAGES`, or
+        # `DATA_TABLES`.
+        module LanguageFeature
+          # Language feature is unknown.
+          LANGUAGE_FEATURE_UNSPECIFIED = 0
+
+          # Language feature is joins.
+          JOINS = 1
+
+          # Language feature is stages.
+          STAGES = 2
+
+          # Language feature is data table.
+          DATA_TABLES = 3
+        end
+
+        module FilterOperator
+          # Default unspecified.
+          FILTER_OPERATOR_UNSPECIFIED = 0
+
+          EQUAL = 1
+
+          NOT_EQUAL = 2
+
+          IN = 3
+
+          GREATER_THAN = 4
+
+          GREATER_THAN_OR_EQUAL_TO = 5
+
+          LESS_THAN = 6
+
+          LESS_THAN_OR_EQUAL_TO = 7
+
+          BETWEEN = 8
+
+          PAST = 9
+
+          IS_NULL = 10
+
+          IS_NOT_NULL = 11
+
+          STARTS_WITH = 12
+
+          ENDS_WITH = 13
+
+          DOES_NOT_STARTS_WITH = 14
+
+          DOES_NOT_ENDS_WITH = 15
+
+          NOT_IN = 16
+
+          # CONTAINS is used for substring match.
+          CONTAINS = 17
+
+          # Used if we want to check if the field does not contain the substring.
+          DOES_NOT_CONTAIN = 18
+        end
+
+        # LINT.IfChange(data_sources)
+        module DataSource
+          DATA_SOURCE_UNSPECIFIED = 0
+
+          UDM = 1
+
+          ENTITY = 2
+
+          INGESTION_METRICS = 3
+
+          # RULE_DETECTIONS is used for detections datasource.
+          RULE_DETECTIONS = 4
+
+          # RULESETS is used for ruleset with detections datasource.
+          RULESETS = 5
+
+          # GLOBAL is used for standard time range filter.
+          GLOBAL = 6
+
+          # IOC_MATCHES is used for ioc_matches datasource.
+          IOC_MATCHES = 7
+
+          # RULES is used for rules datasource.
+          RULES = 8
+
+          # SOAR Cases - identified as `case`.
+          SOAR_CASES = 9
+
+          # SOAR Playbooks - identified as `playbook`.
+          SOAR_PLAYBOOKS = 10
+
+          # SOAR Case History - identified as `case_history`.
+          SOAR_CASE_HISTORY = 11
+
+          # DATA_TABLE is used for data tables source.
+          DATA_TABLE = 12
+
+          # INVESTIGATION is used as the data source for triage agent investigations.
+          # Identified as `gemini_investigation`.
+          INVESTIGATION = 13
+
+          # INVESTIGATION_FEEDBACK is used as the data source for user feedback on
+          # triage agent investigations. Identified as `gemini_investigation_feedback`.
+          INVESTIGATION_FEEDBACK = 14
+        end
+
+        # TimeUnit supported for PAST filter operator.
+        module TimeUnit
+          # Default unspecified.
+          TIME_UNIT_UNSPECIFIED = 0
+
+          SECOND = 1
+
+          MINUTE = 2
+
+          HOUR = 3
+
+          DAY = 4
+
+          WEEK = 5
+
+          MONTH = 6
+
+          YEAR = 7
+        end
+      end
+    end
+  end
+end