Summary

The sessions() GraphQL query provides a paginated list of all current sessions.

API Stability Long-Term

Syntax

graphql
sessions(
     searchFilter: string,
     onlyActiveSessions: boolean,    
     level: Sessions__Filter_Level,
     sortBy: Sessions__SortBy,
     orderBy: OrderBy,
     skip: integer,
     limit: integer
   ): SessionQueryResultSet!

For the input, you'll have to give any text on which to search for sessions, indicate whether to include only active ones, whether to filter at organization or user level, how to sort and order results, and the number of results to skip and how many to return. See the Import Parameters section for more details.

For the results, you can get the total results found, client data (e.g., name and IP address), as well as if the session is still active. To see your choices, scroll down to the Returned Values section.

Example

Raw
graphql
query{
  sessions(
    searchFilter: "company.com"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query{ ^
  sessions( ^
    searchFilter: \"company.com\" ^
    limit: 10 ^
    skip: 0 ^
    onlyActiveSessions: false  ^
    level: Organization ^
    sortBy: User ^
    orderBy: DESC ^
  ) ^
  {totalResults, results {id, user{username}}} ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query{
  sessions(
    searchFilter: \"company.com\"
    limit: 10
    skip: 0
    onlyActiveSessions: false 
    level: Organization
    sortBy: User
    orderBy: DESC
  )
  {totalResults, results {id, user{username}}}
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "sessions": {
      "totalResults": 2,
      "results": [
        {
          "id": "abc123",
          "user": {
            "username": "steve@company.com"
          }
        },
        {
          "id": "def456",
          "user": {
            "username": "bob@company.com"
          }
        }
      ]
    }
  }
}

This example searches for sessions with users who have an email address using company.com. It includes active and inactive sessions. And sorts by users in descending order. For the results, it's requesting the ID and username for each session.

Input Parameters

For the input, you would provide any text on which to search for sessions, indicate whether to include only active sessions, whether to filter at organization or user level (see second table below), how to sort results (see third table), how to order results (see fourth), and the number of results to skip and how many to return.

Table: Input Parameters & Datatypes

Parameter Type Required Default Description
This table contains all input parameters for this query. Since some of the parameters use special datatypes, additional tables for them are included below.
level Sessions__Filter_Level     Whether to sort by user or organization. See table below.
limit integer   50 The maximum number of results to return.
onlyActiveSessions boolean   true Whether to include only active sessions in results.
orderBy OrderBy   ASC How to order results. See table below.
searchFilter string     Any text on which to filter results.
skip integer yes 0 The number of results to skip, or offset to use.
sortBy Sessions__SortBy     The session factor by which to sort the results. See table below.

For this special input datatype, there is a short enumerated list to filter at organization or user level.

Table: Sessions__Filter_Level Enum Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 10, 2025
Organization  ✓Long-TermFilter sessions based on organization.
User   Long-TermFilter sessions based on user.

The second special datatype is used to sort results by key factors (e.g., log in time, IP address). The choices for this are listed in the table below:

Table: Sessions__SortBy Enum Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 10, 2025
ClientInfo   Long-TermSort sessions by client information.
IPAddress   Long-TermSort sessions by IP address.
LastActivityTime  ✓Long-TermSort sessions by the time last active.
Location   Long-TermSort sessions by location.
LoginTime   Long-TermSort sessions by login time.
User   Long-TermSort sessions by user.

The other input datatype is a simple one. You can return results based on whether they are in ascending or descending order, alphanumerically.

Table: OrderBy Enum Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 10, 2025
ASC  ✓Long-TermOrder results in ascending order (e.g., 0 to 9, A to Z).
DESC   Long-TermOrder results in descending order (e.g., 9 to 0, Z to A).

Returned Values

For the results, you can get the total results found, client data (e.g., name and IP address), as well as when the session started, when it was last active, and if it's still active. The table below lists the two choices for this datatype, but you'll have to see the second table below for sub-choices, which will provide more details:

Table: SessionQueryResultSet Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 3, 2024
results[Session]yes Long-TermThe paginated results set. See Session.
totalResultsintegeryes Long-TermThe total number of matching results.

The datatype above uses another datatype for detailed information on each session. For your convenience, the table for that sub-datatype is included here:

Table: Session Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Oct 3, 2024
citystring  Long-TermApproximate city from IP address.
clientInfostringyes Long-TermInformation about the client.
countrystring  Long-TermCountry from IP address.
createdAtlong  Long-TermThe time at which the session was created.
idstringyes Long-TermThe unique identifier of the session.
ipstringyes Long-TermThe IP of the client when the session was created.
isCurrentSessionbooleanyes Long-TermWhether the session is the current session for the user.
lastActivityAtlong  Long-TermThe time at which the session was last active.
userUseryes Long-TermThe user that created the session. See User.