getsearchlogs

Note

Although the following endpoints use the POST method, they function as GET.

You can search and retrieve logs using this endpoint. username and secret_key are the two mandatory parameters for this endpoint; they are required for authentication and authorization. Additional parameters distinguish the API action.

Parameters Used to Search Logs

| Parameter | Value Type | Description |
| --- | --- | --- |
| query | String | A valid search query in Logpoint. |
| time_range | String | Default search time range of Logpoint. |
| Repo | Array/List | Repo name indicates the repository where the logs reside. |
| client_name | String | Indicates the type of client, ‘UI’ is the default value. |
| timeout | Integer | Indicates the waiting time (in seconds) for a request before canceling it. |
| search_id | String | Used to get logs of a search query. You receive it from the server only after the successful completion of a search request. |
| Limit | Integer | The maximum amount of search results to return in the final response. Only applicable in case of simple search queries and not in case of aggregation queries. |

Getting Search Results

You need to perform two API actions to get search results using the Logpoint Search API. First, perform a search request by sending all the required parameters. A successful request responds with a search_id, which marks the end of the first API action. In the second API action, use this search_id as a request parameter to receive the logs that result from the search query.

Requesting the search_id

Perform a query-based search on requested repos for a limited number of logs within a defined time range. This API action responds with a search_id on successful completion.

POST

https://Logpoint-IP/getsearchlogs

| Parameter | Value | Description |
| --- | --- | --- |
| username | String type | System username |
| secret_key | String type | Secret key of Logpoint. Refer to Finding the Access Key. |
| requestData | JSON Object | A list of JSON objects containing the following parameters: query (a valid Logpoint search query); time_range (a time range for the search); limit (the number of search results); repos (IP address of the repos). |

Parameters

The parameters should be included in the request body as x-www-form-urlencoded.

{
    "username": "John",
    "secret_key": "a1b2c3d4e5f6g7h8i9j0k1",
    "requestData": {
        "query": "|chart count() by device_ip",
        "time_range": "Last 24 hours",
        "limit": 100,
        "repos": ["127.0.0.1:5504/_Logpoint"]
    }
}

Note

Content-Type, Content-Length, and Host must be passed in the request header. Content-Type should be application/x-www-form-urlencoded.

Request Example

Figure: Search ID using Postman.

cURL Code

curl --location 'https://10.45.10.172/getsearchlogs' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=John' \
--data-urlencode 'secret_key=a1b2c3d4e5f6g7h8i9j0k1' \
--data-urlencode 'requestData={"query": "|chart count() by device_ip", "time_range": "Last 24 hours", "limit": 100, "repos": ["127.0.0.1:5504/_logpoint"]}'

Success Response

{
    "search_id": "23b4a5fd-d419-4831-bcf5-e6846857fb64",
    "client_type": "UI",
    "query_filter": "",
    "latest": false,
    "lookup": false,
    "query_type": "chart",
    "time_range": [
        1582023872,
        1582110272
    ],
    "searchId": "23b4a5fd-d419-4831-bcf5-e6846857fb64",
    "clientType": "UI",
    "success": true
}

search_id is a unique ID generated on each search.

Getting Search Logs

Retrieve the search result logs for a search_id. The server sends the search result logs in chunks, so keep sending the request with the same parameters until you receive a response where final is true. That response indicates that you have received all the search result logs.

POST

https://Logpoint-IP/getsearchlogs

| Parameter | Value | Description |
| --- | --- | --- |
| username | String type | System username |
| secret_key | String type | Secret key of Logpoint. Refer to Finding the Access Key. |
| requestData | JSON Object | A JSON object containing a unique search_id. |

Parameters

The parameters should be included in the request body as x-www-form-urlencoded.

{
    "username": "John",
    "secret_key": "a1b2c3d4e5f6g7h8i9j0k1",
    "requestData": {
        "search_id": "23b4a5fd-d419-4831-bcf5-e6846857fb64"
    }
}

Request Example

Figure: Search Log using Postman.

cURL Code

curl --location 'https://10.45.10.172/getsearchlogs' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=John' \
--data-urlencode 'secret_key=a1b2c3d4e5f6g7h8i9j0k1' \
--data-urlencode 'requestData={"search_id": "23b4a5fd-d419-4831-bcf5-e6846857fb64"}'

Success Response

{
    "num_aggregated": 12345,
    "columns": [
        "count()"
    ],
    "query_type": "chart",
    "rows": [
        {
            "device_ip": "::1",
            ....
            ....
        },
        {
            "device_ip": "127.0.0.1",
            ....
            ....
        }
    ],
    "grouping": [
        "device_ip"
    ],
    "version": 2,
    "interesting_fields": [],
    "time_range": [
        1582024214,
        1582110614
    ],
    "orig_search_id": "23b4a5fd-d419-4831-bcf5-e6846857fb64",
    "success": true,
    "final": true,
    "totalPages": 1,
    "complete": true,
    "showAdditionalPanels": true,
    "status": {
        ....
        ....
    }
}
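The two API actions above, chained into one client with a bounded polling loop. This is an added example, not code from the Logpoint documentation. The names build_body, https_post, run_search and fake_server are hypothetical, the replies are constructed, and it assumes each chunk carries rows not sent in an earlier chunk.

```python
import json
import time
import urllib.parse
import urllib.request

def build_body(username, secret_key, request_data):
    """Form-encode the three fields; requestData travels as a JSON string."""
    return urllib.parse.urlencode({
        "username": username,
        "secret_key": secret_key,          # sent in the body, never in the URL
        "requestData": json.dumps(request_data),
    }).encode()

def https_post(url, timeout=30):
    """Transport for a real server; urllib verifies the TLS certificate by default."""
    def post(body):
        req = urllib.request.Request(url, data=body, method="POST", headers={
            "Content-Type": "application/x-www-form-urlencoded"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    return post

def run_search(post, username, secret_key, search, max_polls=60, delay=1.0):
    """Action 1: obtain search_id. Action 2: poll until final is true."""
    first = post(build_body(username, secret_key, search))
    if not first.get("success") or "search_id" not in first:
        raise RuntimeError("search request was not accepted")
    body = build_body(username, secret_key, {"search_id": first["search_id"]})
    rows = []
    for _ in range(max_polls):             # bounded: never poll forever
        chunk = post(body)
        if not chunk.get("success"):
            raise RuntimeError("result request failed")
        rows.extend(chunk.get("rows", []))  # assumption: chunks do not repeat rows
        if chunk.get("final"):
            return rows
        time.sleep(delay)
    raise TimeoutError("no final response after %d polls" % max_polls)

def fake_server():
    """Constructed stand-in for the endpoint: one search_id, then two chunks."""
    replies = iter([
        {"success": True, "search_id": "constructed-id"},
        {"success": True, "final": False, "rows": [{"device_ip": "::1"}]},
        {"success": True, "final": True, "rows": [{"device_ip": "127.0.0.1"}]},
    ])
    return lambda body: next(replies)

if __name__ == "__main__":
    search = {"query": "|chart count() by device_ip", "time_range": "Last 24 hours",
              "limit": 100, "repos": ["127.0.0.1:5504/_Logpoint"]}
    print(run_search(fake_server(), "John", "constructed-key", search, delay=0))
```

Against a real deployment, pass https_post("https://Logpoint-IP/getsearchlogs") as the transport and read secret_key from a secrets store or environment variable rather than the script.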
