This endpoint should be used, when you are not in control of the request
body, such as in the case of calling LogScale via a callback from
another system.
http
POST /api/v1/ingest/raw
The body of the HTTP request will be interpreted as a single event, and
parsed using the parser attached to the accompanying ingest token. Unless
the parser created generates a @timestamp field, the
@timestamp of the resulting event will equal
@ingesttimestamp.
Note
This endpoint is not suited for ingesting a large number of events, and
its usage should be restricted to relatively infrequent calls.
When ingesting raw data, you can choose to authenticate by attaching
your ingest token to the header:
Show:
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw \
-H "Authorization: Bearer $INGEST_TOKEN" \
-d 'My raw Message generated at "2016-06-06T12:00:00+02:00"'
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw \
-H "Authorization: Bearer $INGEST_TOKEN" \
-d 'My raw Message generated at "2016-06-06T12:00:00+02:00"'
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw ^
-H "Authorization: Bearer $INGEST_TOKEN" ^
-d 'My raw Message generated at "2016-06-06T12:00:00+02:00"'
Windows Powershell and curl
powershell
curl.exe -X POST
-H"Authorization: Bearer $INGEST_TOKEN"-d'My raw Message generated at "2016-06-06T12:00:00+02:00"'"$YOUR_LOGSCALE_URL/api/v1/ingest/raw"
Perl
perl
#!/usr/bin/perluse HTTP::Request;
use LWP;
my $INGEST_TOKEN = "TOKEN";
my $uri = '$YOUR_LOGSCALE_URL/api/v1/ingest/raw';
my $json = 'My raw Message generated at "2016-06-06T12:00:00+02:00"';
my $req = HTTP::Request->new("POST", $uri );
$req->header("Authorization" => "Bearer $INGEST_TOKEN");
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3import requests
url = '$YOUR_LOGSCALE_URL/api/v1/ingest/raw'
mydata = r'''My raw Message generated at "2016-06-06T12:00:00+02:00"'''
resp = requests.post(url,
data = mydata,
headers = {
"Authorization" : "Bearer $INGEST_TOKEN"
}
)
print(resp.text)
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw/$INGEST_TOKEN \
-d 'My raw Message generated at "2016-06-06T12:00:00+02:00"'
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw/$INGEST_TOKEN \
-d 'My raw Message generated at "2016-06-06T12:00:00+02:00"'
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/api/v1/ingest/raw/$INGEST_TOKEN ^
-d 'My raw Message generated at "2016-06-06T12:00:00+02:00"'
Windows Powershell and curl
powershell
curl.exe -X POST
-d'My raw Message generated at "2016-06-06T12:00:00+02:00"'"$YOUR_LOGSCALE_URL/api/v1/ingest/raw/$INGEST_TOKEN"
Perl
perl
#!/usr/bin/perluse HTTP::Request;
use LWP;
my $INGEST_TOKEN = "TOKEN";
my $uri = '$YOUR_LOGSCALE_URL/api/v1/ingest/raw/$INGEST_TOKEN';
my $json = 'My raw Message generated at "2016-06-06T12:00:00+02:00"';
my $req = HTTP::Request->new("POST", $uri );
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3import requests
url = '$YOUR_LOGSCALE_URL/api/v1/ingest/raw/$INGEST_TOKEN'
mydata = r'''My raw Message generated at "2016-06-06T12:00:00+02:00"'''
resp = requests.post(url,
data = mydata,
headers = {}
)
print(resp.text)
When passing the ingest token as part of the URL, the token should not
be considered as secret, as it may be logged in LogScale or in
any proxy servers which process the request. Thus, CrowdStrike
strongly recommends that you authenticate through the request header
if possible.
