Ingesting Raw JSON Data
Like the raw endpoint, this endpoint should be used when you are not in control of the message body. The request body is interpreted as JSON, and translated into @rawstring, but the JSON fields are also automatically parsed out into LogScale fields.
POST /api/v1/ingest/jsonIf the received payload is a JSON object, the entire object is treated as a single event. If the received payload is a JSON array, each item in the array is treated as an event.
This is useful for receiving webhooks that can only send JSON arrays of multiple events.
The ability to handle long JSON arrays is useful where the total number of
fields exceeds the internal limit of 1000, as in this case you can't use
the raw endpoint with parseJson() and
split() functions because there are simply too many
fields.
Like for the raw endpoint, the @ingesttimestamp will be assigned to the events as @timestamp if the parser associated with the ingest token does not assign one.
Example
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw/json \
-H "Authorization: Bearer $INGEST_TOKEN" \
-d @- << EOF
[
{"msg": "event 1"},
{"msg": "event 2"}
]
EOFcurl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw/json \
-H "Authorization: Bearer $INGEST_TOKEN" \
-d @- << EOF
[
{"msg": "event 1"},
{"msg": "event 2"}
]
EOFcurl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw/json ^
-H "Authorization: Bearer $INGEST_TOKEN" ^
-d @'[ ^
{"msg": "event 1"}, ^
{"msg": "event 2"} ^
] 'curl.exe -X POST
-H "Authorization: Bearer $INGEST_TOKEN"
-d '[
{"msg": "event 1"},
{"msg": "event 2"}
]'
"$YOUR_LOGSCALE_URL/api/v1/ingest/raw/json"#!/usr/bin/perl
use HTTP::Request;
use LWP;
my $INGEST_TOKEN = "TOKEN";
my $uri = '$YOUR_LOGSCALE_URL/api/v1/ingest/raw/json';
my $json = '[
{"msg": "event 1"},
{"msg": "event 2"}
]';
my $req = HTTP::Request->new("POST", $uri );
$req->header("Authorization" => "Bearer $INGEST_TOKEN");
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content"},"\n";#! /usr/local/bin/python3
import requests
url = '$YOUR_LOGSCALE_URL/api/v1/ingest/raw/json'
mydata = r'''[
{"msg": "event 1"},
{"msg": "event 2"}
]'''
resp = requests.post(url,
data = mydata,
headers = {
"Authorization" : "Bearer $INGEST_TOKEN"
}
)
print(resp.text)const https = require('https');
const data = JSON.stringify(
[
{"msg": "event 1"},
{"msg": "event 2"}
]
);
const options = {
hostname: '$YOUR_LOGSCALE_URL/api/v1/ingest/raw/json',
path: '/graphql',
port: 443,
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': data.length,
Authorization: 'BEARER ' + process.env.TOKEN,
'User-Agent': 'Node',
},
};
const req = https.request(options, (res) => {
let data = '';
console.log(`statusCode: ${res.statusCode}`);
res.on('data', (d) => {
data += d;
});
res.on('end', () => {
console.log(JSON.parse(data).data);
});
});
req.on('error', (error) => {
console.error(error);
});
req.write(data);
req.end();This would create two events and the user field msg.