Live Search Request

A live search request is similar to the simple search request. The difference is that a live search request does not complete. Instead, the search returns all the matching records to the client, and then keeps the HTTP request open. As new data is ingested into the repository, matching results are immediately sent to the client.

To execute a live search request, add the isLive parameter to the request object with the value true. For example:

Raw
json
{
   "isLive" : true,
   "queryString" : "css"
}
Mac OS or Linux (curl)
shell
curl -v -X POST https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{
   "isLive" : true,
   "queryString" : "css"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"isLive" : true, "queryString" : "css"}'
Windows Cmd and curl
cmd
curl -v -X POST https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d "{\"queryString\" : \"css\", \"isLive\" : true}"
Windows Powershell and curl
powershell
curl.exe -X POST `
    -H "Authorization: Bearer $TOKEN" `
    -H "Content-Type: application/json" `
    -d '{\"isLive\" : true, \"queryString\" : \"css\"}' `
    "https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query"
Perl
perl
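#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;

# Replace TOKEN, $YOUR_LOGSCALE_URL and $REPOSITORY_NAME with your own values.
my $TOKEN = "TOKEN";
my $uri = 'https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query';
my $json = '{
   "isLive" : true,
   "queryString" : "css"
}';
my $req = HTTP::Request->new("POST", $uri );
$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");
$req->content( $json );
my $lwp = LWP::UserAgent->new;
# A live search never completes, so print each chunk as it arrives
# instead of waiting for the whole response body.
$| = 1;
my $result = $lwp->request( $req, sub { my ($chunk) = @_; print $chunk; } );
print STDERR $result->status_line, "\n" unless $result->is_success;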
Python
python
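#! /usr/local/bin/python3

import requests

# Replace $YOUR_LOGSCALE_URL, $REPOSITORY_NAME and $TOKEN with your own values.
url = 'https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query'
mydata = r'''{
   "isLive" : true,
   "queryString" : "css"
}'''

# A live search never completes, so stream the response and print each
# line as it arrives instead of waiting for the whole body.
resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
},
                     stream = True
)

for line in resp.iter_lines():
    if line:
        print(line.decode("utf-8", errors="replace"))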
Node.js
javascript
const https = require('https');

const data = JSON.stringify({
  isLive: true,
  queryString: 'css',
});

const options = {
  // Host name only, without scheme or path
  hostname: process.env.YOUR_LOGSCALE_URL,
  path: `/api/v1/repositories/${process.env.REPOSITORY_NAME}/query`,
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': Buffer.byteLength(data),
    Authorization: 'Bearer ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  console.log(`statusCode: ${res.statusCode}`);

  // A live search never ends, so print each chunk as it arrives
  // instead of buffering until the 'end' event.
  res.on('data', (d) => {
    process.stdout.write(d);
  });
  res.on('end', () => {
    console.log('connection closed by server');
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Results that match the filter are returned immediately, but the HTTP connection is not closed. Any additional results are returned as they are ingested:

accesslog
192.168.1.18 - - [09/Mar/2023:17:06:04 +0000] "GET /css-images/book-open.svg HTTP/1.1" 200 339
192.168.1.18 - - [09/Mar/2023:17:06:04 +0000] "GET /css-images/logo-white.svg HTTP/1.1" 200 2275
192.168.1.18 - - [09/Mar/2023:17:06:04 +0000] "GET /css-images/slack.svg HTTP/1.1" 200 999
127.0.0.1 - - [10/Mar/2023:09:43:42 +0000] "GET /theme-home.css HTTP/1.1" 200 70699
...
192.168.1.18 - - [11/Mar/2023:17:06:04 +0000] "GET /css-images/slack.svg HTTP/1.1" 200 999
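
Because the response never ends, a client that feeds these results into detection logic has to frame lines itself as chunks arrive. The following is an added example, not part of the LogScale documentation: it assumes results arrive as newline-delimited access-log text like the sample above, and the function names and chunked sample input are constructed for illustration.

```python
import re

# Common Log Format, as in the sample output on this page.
CLF = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def iter_live_lines(chunks):
    """Yield complete lines from byte chunks of a response that never ends.
    A chunk may stop mid-line, so the unterminated tail stays buffered."""
    buf = b""
    for chunk in chunks:
        buf += chunk
        *lines, buf = buf.split(b"\n")
        for raw in lines:
            line = raw.rstrip(b"\r").decode("utf-8", errors="replace")
            if line:
                yield line

def parse_event(line):
    """Return a dict of access-log fields, or None if the line does not match."""
    m = CLF.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    event["size"] = 0 if event["size"] == "-" else int(event["size"])
    return event

def consume(chunks):
    """Parse every complete line; keep unparseable lines for inspection."""
    events, rejected = [], []
    for line in iter_live_lines(chunks):
        event = parse_event(line)
        (events if event else rejected).append(event or line)
    return events, rejected

# Constructed input: two sample lines from this page split at arbitrary
# chunk boundaries, plus one malformed line.
SAMPLE_CHUNKS = [
    b'192.168.1.18 - - [09/Mar/2023:17:06:04 +0000] "GET /css-images/sl',
    b'ack.svg HTTP/1.1" 200 999\nnot an access log line\n127.0.0.1 - - [10/M',
    b'ar/2023:09:43:42 +0000] "GET /theme-home.css HTTP/1.1" 200 70699\n',
]
```

Against a real connection, pass `resp.iter_content(chunk_size=None)` from a `requests.post(..., stream=True)` call to `consume` in place of `SAMPLE_CHUNKS`, or loop over `iter_live_lines` directly, since `consume` only returns when the stream closes.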