The sessions() GraphQL query provides paginated search results for tokens.

For information on session management, see the Session Management documentation page. You may also want to look at session().

Syntax

Below is the syntax for the sessions() query field:

graphql
sessions(
     searchFilter: string
     skip: integer
     limit: integer
     onlyActiveSessions: boolean      
     level: Sessions__Filter_Level
     sortBy: Sessions__SortBy
     orderBy: OrderBy
   ): SessionQueryResultSet!

For the input, there are several parameters, with the choices for each special datatype. They're described in the Given Datatypes section below. What to use for the return, for SessionQueryResultSet is listed in the Results Datatypes section. For now, look at this example:

Raw
graphql
query{
  sessions(
    searchFilter: "company.com"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query{ ^
  sessions( ^
    searchFilter: \"company.com\" ^
    limit: 10 ^
    skip: 0 ^
    onlyActiveSessions: false  ^
    level: Organization ^
    sortBy: User ^
    orderBy: DESC ^
  ) ^
  {totalResults, results {id, user{username}}} ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}'
"$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $INGEST_TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $json = '{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}';
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "sessions": {
      "totalResults": 2,
      "results": [
        {
          "id": "hOIfDrvLcC3jNP2RbZS9aYdP2j4ml6la",
          "user": {
            "username": "steve@company.com"
          }
        },
        {
          "id": "3bDFGc6CGGRJ7I203dG3JMg1LKs3cvZ6",
          "user": {
            "username": "bob@company.com"
          }
        }
      ]
    }
  }
}

This example is searching for sessions with users who have an email address using company.com. It includes active and inactive sessions. And sorts by users in descending order.

For the results, it's requesting the ID and username for each session.

Given Datatypes

The given datatypes are described in the table below:

Table: Mix of Input for Sessions

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Sep 6, 2024
searchFilterstring  Text on which to search the active sessions.
limitinteger 50The maximum number of rows to return.
skipinteger 0The initial number of rows to skip; display only rows after number given.
onlyActiveSessionsboolean trueWhether to include only active sessions.
levelSessions__Filter_level  Whether information on the session should be filtered based on the level (e.g., user level).
   Valid Values
   OrganizationFilter returned data on organization.
   UserFilter data at user level.
sortBySessions__SortByyes Indicates the field by which to sort the session data returned (e.g., date and time of the last act).
   Valid Values
   ClientInfoSort by client information of users.
   IPAddressSort by IP addresses of session users.
   LastActivityTimeSort by date and time of last act.
   LocationSort by location of users.
   LoginTimeSort by login times for sessions.
   UserSort by user.
orderByOrderBy ASCWhether the results should be returned in ascending or descending order.
   Valid Values
   ASCIn ascending order.
   DESCIn descending order.

Returned Datatypes

The returned datatype SessionQueryResultSet has its own parameters. Below is a list of them along with their datatypes and a description of each:

Table: SessionQueryResultSet

ParameterTypeRequiredDefaultDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Oct 3, 2024
results[Session]yes The paginated results set. See Session.
totalResultsintegeryes The total number of matching results.