Hi guys!
Quick question here…
I was testing successfully the Graylog (5.2.4) APIs but I’ve seen that there is a “Legacy” term on those…
So I want to know if this is just the currently default way to query for messages or if there is an “updated” way to do that?
By the way… I’m using search/universal/relative for those queries…
What kind of query are you trying to do, because there is the simple search query now that is very easy for basic things.
I’m just querying for messages that are retrieved by the server’s sidecars and stored in the Elasticsearch, my objective would be make the same queries that I can make on the Search tab in the Graylog site, in the API.
As an example I’m making this API call…
http://localhost:9000/api/search/universal/relative?query=filebeat_log_file_path:"/var/log/mail_logs" AND message:"some@domain.name"&range=86400&fields=message,source,filebeat_log_file_path&limit=
http://localhost:9000/api/search/universal/relative?query=filebeat_log_file_path:"/var/log/mail_logs" AND message:"some@domain.name"&range=86400&fields=message,source,filebeat_log_file_path&limit=
The equivalent to that in the Graylog’s Search tab would be…
filebeat_log_file_path:"/var/log/mail_logs" AND message:"some@domain.name"
But again… the API is already working fine, I just wanted to understand if that “Legacy” term is saying that this endpoint is deprecated or something like that… 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.