Perform a Search on a Logpoint via Director Console API

Logpoint collects logs using different collectors and fetchers and stores them securely until the retention time configured in the system expires. You can search these logs using the Logpoint query language.

You can use the Search - FetchSearchLogs API to search the logs stored in a Fabric-enabled Logpoint. The endpoint allows you to send multiple parameters and returns the logs that match the parameters. Refer to the Search guide for more details on the parameters.

Sample API Requests and Responses for performing a Search on a Logpoint via the Director Console API

The following example demonstrates a search via the Director Console API using the user_id, query, time_range, limit, and repo parameters. The time_range values are Unix epoch timestamps in seconds, as the matching col_ts and log_ts values in the response show:

  • Execute the Search - FetchSearchLogs API in the Director Console API.

    Config API:
    
    POST
    https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Search/logs/fetch
    
        {
            "data":{
                "user_id": "5a466e9dd8aaa4748d3977c7",
                "query": "device_name=localhost",
                "time_range": ["1640082646","1640084446"],
                "limit": 2,
                "repo": ["127.0.0.1:5504:_logpoint"]
            }
        }
    
    Response:
    
    {
    "status": "Success",
    "message": "monitorapi/v1/336294dbd0f141ce86cb925bca74133a/41b5b7fffa6c4e3cb6bc6d799a5ee6e5/orders/71c23e11-a25b-4688-a88d-275e14251d6c"
    }
    
    Monitoring API (the Config API request is asynchronous: poll the path returned in the `message` field of its response to retrieve the search results):
    
    GET
    https://api-server-host-name/monitorapi/v1/336294dbd0f141ce86cb925bca74133a/41b5b7fffa6c4e3cb6bc6d799a5ee6e5/orders/71c23e11-a25b-4688-a88d-275e14251d6c
    
    Response:
    
    {
      "request": {
    
      },
      "logpoint_identifier": "ea92ab66cae24e4e9fe22189468056f8",
      "pool_uuid": "a068f9a59fbc424db87f59ad1f4de86d",
      "response": {
        "query_type": "simple",
        "rows": [
          {
            "col_ts": 1640084438,
            "msg": "Dec 21 11:00:27 logpoint9-17 sudo: pam_unix(sudo:session): session closed for user loginspect",
            "_tz": "UTC",
            "log_ts": 1640084438,
            "_identifier": "0",
            "collected_at": "LogPoint",
            "device_ip": "127.0.0.1",
            "_type_str": "msg col_type device_name collected_at device_ip source_name _tz _enrich_policy _fromV550 repo_name logpoint_name",
            "device_name": "localhost",
            "_offset": 41176,
            "_fromV550": "t",
            "logpoint_name": "LogPoint",
            "_enrich_policy": "None",
            "_type_num": "col_ts log_ts _offset _identifier",
            "repo_name": "_logpoint",
            "_type_ip": "device_ip",
            "col_type": "filesystem",
            "source_name": "/var/log/auth.log",
            "_labels": [
    
            ]
          },
          {
            "col_ts": 1640084438,
            "msg": "Dec 21 11:00:28 logpoint9-17 CRON[1274745]: pam_unix(cron:session): session closed for user root",
            "_tz": "UTC",
            "log_ts": 1640084438,
            "_identifier": "0",
            "collected_at": "LogPoint",
            "device_ip": "127.0.0.1",
            "_type_str": "msg col_type device_name collected_at device_ip source_name _tz _enrich_policy _fromV550 repo_name logpoint_name",
            "device_name": "localhost",
            "_offset": 41352,
            "_fromV550": "t",
            "logpoint_name": "LogPoint",
            "_enrich_policy": "None",
            "_type_num": "col_ts log_ts _offset _identifier",
            "repo_name": "_logpoint",
            "_type_ip": "device_ip",
            "col_type": "filesystem",
            "source_name": "/var/log/auth.log",
            "_labels": [
    
            ]
          }
        ],
        "version": 4,
        "extracted_terms": [
          "device_name:localhost"
        ],
        "time_range": [
          1640082646,
          1640084446
        ],
        "orig_search_id": "bfdb497b-db21-4f49-8ffa-7499912d879e",
        "success": true,
        "final": true,
        "totalPages": 1,
        "estim_count": 6784,
        "complete": true,
        "status": {
          "LogPoint": {
            "default": {
              "@class": "com.logpoint.libcommon.merger.api.SimpleStatus",
              "estim_count": 0,
              "final": true
            },
            "_logpoint": {
              "@class": "com.logpoint.libcommon.merger.api.SimpleStatus",
              "estim_count": 6784,
              "final": true
            },
            "_LogPointAlerts": {
              "@class": "com.logpoint.libcommon.merger.api.SimpleStatus",
              "estim_count": 0,
              "final": true
            }
          }
        }
      }
    }
