This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

Join RQL query throwing Failed to execute RQL search . Illegal Argument

ABanjerjee
L0 Member

‎06-04-2025 04:06 AM - edited ‎06-04-2025 04:30 AM

Hello team,

I am trying to execute the below join query in achieve the below output-

1. Only Service accounts that has have elevated roles (e.g., roles/owner, roles/editor)

2. Service accounts that have atleast one user-managed key

 

config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-projects-get-iam-user' AND json.rule = user contains "iam.gserviceaccount.com" and (roles[*] contains "admin" or roles[*] contains "Admin" or roles[*] contains "roles/editor" or roles[*] contains "roles/owner") as X;config from cloud.resource where api.name = 'gcloud-iam-service-accounts-keys-list' AND json.rule = keyType equals "USER_MANAGED" as Y;config from cloud.resource where api.name = 'gcloud-iam-service-accounts-list' as Z;filter '($.Y.name contains $.Z.email and $.Z.email in $.X.user)';show Z;

 

However getting the Illegal argument error even though it seems the query syntax is correct as per the green check mark . Please refer to the attached screenshot and suggest on the same please. Appreciate your help on the same.

 

Regards

Arnab

Preview file
102 KB
0 Likes Likes
(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks