API to get data from lookup dataset

PA_nts — Mon, 14 Jul 2025 07:56:01 GMT

Hi All,

in XQL - i can run a query and dump the data into a lookup dataset, this works, then i can run a local query against this lookup dataset and i see all the data as expected.

however, when i run an API request against (https://api-yourfqdn/public_api/v1/xql/lookups/get_data) to get the data i only see the following fields (in bold below)..

 "reply": {
        "data": [
            {
                "_time": 1751451680000,
                "_insert_time": 1752154971000,
                "_update_time": 1752154971000,
                "_collector_name": "Console",
                "_collector_type": "Console",
                "_1dfa7b80_9b22_4ba2_aaec_633c4005ab51": null,
                "_4917d51c_7619_4e24_aadc_64079cd64b34": null,
                "_74e67f51_258c_4b90_88ae_2784c4146f23": null,
                "_bd05708b_5778_44a2_bdd7_93b47b2e9cef": null,
                "_e6cadcdd_7a36_45ac_939c_c56c31dafb5b": null,
                "_f8d6ec99_8286_49a2_a7d3_b54e34a253f8": null,
                "_fea87f34_4296_4c6c_b2dd_811b2408eabb": null
            },
 
All the other Fields are XDM aliases.. for some reason it seems I 
am not able to pull the XDM fields from the dataset.
i am running the enterprise+ license 
 
this by design?
thank in adv
 

topic API to get data from lookup dataset in Cortex XSIAM Discussions

API to get data from lookup dataset