Perform a Search on a Logpoint via Director Console API
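Sample API requests and responses for performing a search on a Logpoint via the Director Console API. The search runs in two steps: the Config API POST returns a Monitoring API order path in "message", and a GET on that path returns the search results. The returned rows carry raw log messages (here, entries from /var/log/auth.log), so responses should be handled under the same access controls as the logs themselves.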
Config API:
POST https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Search/logs/fetch
{
  "data": {
    "user_id": "5a466e9dd8aaa4748d3977c7",
    "query": "device_name=localhost",
    "time_range": ["1640082646", "1640084446"],
    "limit": 2,
    "repo": ["127.0.0.1:5504:_logpoint"]
  }
}
Response:
{
  "status": "Success",
  "message": "monitorapi/v1/336294dbd0f141ce86cb925bca74133a/41b5b7fffa6c4e3cb6bc6d799a5ee6e5/orders/71c23e11-a25b-4688-a88d-275e14251d6c"
}
Monitoring API:
GET https://api-server-host-name/monitorapi/v1/336294dbd0f141ce86cb925bca74133a/41b5b7fffa6c4e3cb6bc6d799a5ee6e5/orders/71c23e11-a25b-4688-a88d-275e14251d6c
Response:
{
  "request": {},
  "logpoint_identifier": "ea92ab66cae24e4e9fe22189468056f8",
  "pool_uuid": "a068f9a59fbc424db87f59ad1f4de86d",
  "response": {
    "query_type": "simple",
    "rows": [
      {
        "col_ts": 1640084438,
        "msg": "Dec 21 11:00:27 logpoint9-17 sudo: pam_unix(sudo:session): session closed for user loginspect",
        "_tz": "UTC",
        "log_ts": 1640084438,
        "_identifier": "0",
        "collected_at": "LogPoint",
        "device_ip": "127.0.0.1",
        "_type_str": "msg col_type device_name collected_at device_ip source_name _tz _enrich_policy _fromV550 repo_name logpoint_name",
        "device_name": "localhost",
        "_offset": 41176,
        "_fromV550": "t",
        "logpoint_name": "LogPoint",
        "_enrich_policy": "None",
        "_type_num": "col_ts log_ts _offset _identifier",
        "repo_name": "_logpoint",
        "_type_ip": "device_ip",
        "col_type": "filesystem",
        "source_name": "/var/log/auth.log",
        "_labels": []
      },
      {
        "col_ts": 1640084438,
        "msg": "Dec 21 11:00:28 logpoint9-17 CRON[1274745]: pam_unix(cron:session): session closed for user root",
        "_tz": "UTC",
        "log_ts": 1640084438,
        "_identifier": "0",
        "collected_at": "LogPoint",
        "device_ip": "127.0.0.1",
        "_type_str": "msg col_type device_name collected_at device_ip source_name _tz _enrich_policy _fromV550 repo_name logpoint_name",
        "device_name": "localhost",
        "_offset": 41352,
        "_fromV550": "t",
        "logpoint_name": "LogPoint",
        "_enrich_policy": "None",
        "_type_num": "col_ts log_ts _offset _identifier",
        "repo_name": "_logpoint",
        "_type_ip": "device_ip",
        "col_type": "filesystem",
        "source_name": "/var/log/auth.log",
        "_labels": []
      }
    ],
    "version": 4,
    "extracted_terms": ["device_name:localhost"],
    "time_range": [1640082646, 1640084446],
    "orig_search_id": "bfdb497b-db21-4f49-8ffa-7499912d879e",
    "success": true,
    "final": true,
    "totalPages": 1,
    "estim_count": 6784,
    "complete": true,
    "status": {
      "LogPoint": {
        "default": {
          "@class": "com.logpoint.libcommon.merger.api.SimpleStatus",
          "estim_count": 0,
          "final": true
        },
        "_logpoint": {
          "@class": "com.logpoint.libcommon.merger.api.SimpleStatus",
          "estim_count": 6784,
          "final": true
        },
        "_LogPointAlerts": {
          "@class": "com.logpoint.libcommon.merger.api.SimpleStatus",
          "estim_count": 0,
          "final": true
        }
      }
    }
  }
}