Search API
The Search API is the primary endpoint for running queries for a specific repository or view.
There are two main types of queries in LogScale:
Static query: This is the normal query on event data, such as you would type directly into the search box in LogScale.
Live query: A live query returns information as a stream of data that is updated as new events are ingested into the repository. Live queries return any immediate results and then keep the request open, streaming additional results as new events are ingested. In LogScale you select the Live checkbox to enable live queries.
In addition, there are two main endpoints on which both Static and Live queries can be submitted:
Query jobs is the recommended endpoint for submitting queries. This endpoint provides an asynchronous method for submitting queries: a request is submitted and the results are accessed later, without the client having to actively wait for a response (non-blocking). Query jobs are useful if you have repetitive or complex queries, such as ones with aggregations.
The base endpoint is: /api/v1/repositories/repo/queryjobs
The streaming query endpoint supports a single synchronous query. This is suitable only for simple, filter-only queries over short timeframes, as it blocks the client for the duration of the query.
The base endpoint is: /api/v1/repositories/repo/query
For a list of the supported endpoints and methods, see the following table:
HTTP Method | URI | Availability | Description |
---|---|---|---|
GET | /api/v1/repositories/ | | Request the current query status and results |
POST | /api/v1/repositories/ | | Create a query job |
DELETE | /api/v1/repositories/ | | Delete a previously created query job |
POST | /api/v1/repositories/ | | Submit a search query |
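
A small client for the query jobs workflow described above (create the job, poll for status and results, delete the job), written as an added example and not LogScale's own code. The request fields (queryString, start, end, isLive), the response fields (id, done, events), the bearer-token header, and the job URI formed by appending the job id to the base endpoint are assumptions that are not shown on this page.

```python
import json
import time
import urllib.parse
import urllib.request

def http_json(method, url, token, body=None):
    """Default transport: one HTTPS request, JSON in and out (stdlib only)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",   # assumed auth scheme
        "Content-Type": "application/json",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def run_query_job(base_url, repo, token, query, start="1h",
                  timeout=60.0, poll=1.0, transport=http_json, sleep=time.sleep):
    """Create a static query job, poll until it is done, then delete the job."""
    repo_path = urllib.parse.quote(repo, safe="")  # keep repo names from altering the path
    jobs = f"{base_url.rstrip('/')}/api/v1/repositories/{repo_path}/queryjobs"
    job = transport("POST", jobs, token,           # field names are assumptions
                    {"queryString": query, "start": start, "end": "now", "isLive": False})
    job_url = f"{jobs}/{urllib.parse.quote(str(job['id']), safe='')}"  # assumed job URI
    try:
        deadline = time.monotonic() + timeout
        while True:
            status = transport("GET", job_url, token)
            if status.get("done"):
                return status.get("events", [])
            if time.monotonic() >= deadline:
                raise TimeoutError(f"query job {job['id']} not done after {timeout}s")
            sleep(poll)
    finally:
        # Delete the job on success, timeout, or error so no jobs are left behind.
        transport("DELETE", job_url, token)
```

The transport and sleep parameters exist so the polling logic can be exercised without a LogScale server; in normal use, leave them at their defaults and pass a token read from the environment or a secrets store.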