Simple Search Request
To start a query, POST the query:
| Description | Submit a search query | ||
| Method | POST /api/v1/repositories/ | ||
| Request Data | QueryJobInput | ||
| Response Data | QueryResponse | ||
| Authentication Required | yes | ||
| Path Arguments | Description | Data type | Required? |
repo | Name of repository to be searched | string | required |
| Return Codes | |||
| 200 | Request complete | ||
| 400 | Request is malformed and either missing critical fields or the JSON is badly structured | ||
| 500 | Request failed | ||
When using the endpoint, you must have a suitable access token for the data, either a repository token or a personal token, that has read access for the corresponding repository. See Tokens in LogScale.
The JSON request body supports the following attributes:
Table:
| Field | Type | Required? | Default | Description |
|---|---|---|---|---|
| allowEventSkipping | boolean | false | If set to true, events in the result skipped will be skipped if not retrieved. | |
| arguments | | Dictionary of arguments specified in queries with ?param or ?{param=defaultValue} syntax. Provided arguments must be a simple dictionary of string values. If an argument is given explicitly as in ?query(param=value) then that value overrides values provided here. | ||
| end | relative-time | The end date and time. This parameter tells LogScale not to return results from after this date and time. See Search API Time Specification, | ||
| ingestEnd | relative-time | Specifies the end time based on when the data was ingested. | ||
| ingestStart | relative-time | Specifies the start time based on when the data was ingested. | ||
| isLive | boolean | false | Sets whether this query is live. Defaults to false. Live queries are continuously updated. | |
| languageVersion | string | The version of the query language to use | ||
| queryString | string | Yes | The actual query. See Query Language Syntax for details. | |
| timeZoneOffsetMinutes | integer |
Set the time zone offset used for bucket()
and timechart() time slices, which is
significant if the corresponding
span is multiples of days.
Defaults to 0 (UTC);
positive numbers are to the east of UTC, so for
UTC+01:00 timezone the value
60 should be passed.
|
For example, to execute a basic query from the command line:
Raw
json
{
"queryString" : "css|head(5)"
}Mac OS or Linux (curl)
shell
curl -v -X POST https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d @- << EOF
{"query" : "{
\"queryString\" : \"css|head(5)\"
}
"
}
EOFMac OS or Linux (curl) One-line
shell
curl -v -X POST https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json"Windows Cmd and curl
cmd
curl -v -X POST https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query ^
-H "Authorization: Bearer $TOKEN" ^
-H "Content-Type: application/json" ^
-d @'{"query" : "{ ^
\"queryString\" : \"css|head(5)\" ^
} ^
" ^
} 'Windows Powershell and curl
powershell
curl.exe -X POST
-H "Authorization: Bearer $TOKEN"
-H "Content-Type: application/json"
-d '{"query" : "{
\"queryString\" : \"css|head(5)\"
}
"
}'
"https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query"Perl
perl
#!/usr/bin/perl
use HTTP::Request;
use LWP;
my $TOKEN = "TOKEN";
my $uri = 'https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query';
my $json = '{"query" : "{
\"queryString\" : \"css|head(5)\"
}
"
}';
my $req = HTTP::Request->new("POST", $uri );
$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");
$req->content( $json );
my $lwp = LWP::UserAgent->new;
my $result = $lwp->request( $req );
print $result->{"_content"},"\n";Python
python
#! /usr/local/bin/python3
import requests
url = 'https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query'
mydata = r'''{"query" : "{
\"queryString\" : \"css|head(5)\"
}
"
}'''
resp = requests.post(url,
data = mydata,
headers = {
"Authorization" : "Bearer $TOKEN",
"Content-Type" : "application/json"
}
)
print(resp.text)Node.js
javascript
const https = require('https');
const data = JSON.stringify(
{"query" : "{
\"queryString\" : \"css|head(5)\"
}
"
}
);
const options = {
hostname: 'https://$YOUR_LOGSCALE_URL/api/v1/repositories/$REPOSITORY_NAME/query',
path: '/graphql',
port: 443,
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': data.length,
Authorization: 'BEARER ' + process.env.TOKEN,
'User-Agent': 'Node',
},
};
const req = https.request(options, (res) => {
let data = '';
console.log(`statusCode: ${res.statusCode}`);
res.on('data', (d) => {
data += d;
});
res.on('end', () => {
console.log(JSON.parse(data).data);
});
});
req.on('error', (error) => {
console.error(error);
});
req.write(data);
req.end();accesslog
127.0.0.1 - - [10/Mar/2023:09:43:45 +0000] "GET /css-images/cpu.svg HTTP/1.1" 200 667
192.168.1.18 - - [09/Mar/2023:17:06:04 +0000] "GET /css-images/database.svg HTTP/1.1" 200 372
127.0.0.1 - - [10/Mar/2023:09:43:45 +0000] "GET /css-images/trello.svg HTTP/1.1" 200 373
127.0.0.1 - - [10/Mar/2023:09:43:45 +0000] "GET /css-images/box.svg HTTP/1.1" 200 462The results are sent back by default as raw text, i.e. not embedded in a JSON or other structure.
The connection will be closed once the results have been returned, and the returned data will match the supplied query at the time of execution.
Triggering Direct Download of the Results
If you use this API from a browser application, you may want to trigger
direct download. You can achieve this by adding the HTTP header
X-Desired-Filename
to the request. That will result in the response having the header
Content-Disposition
with the value attachment;
filename=\"DESIRED_FILE_NAME\".