Graylog API Documentation

Hi,

where can I find the Graylog REST API documentation?
The API browser only shows existing API functions
without an explanation of which parameters are required
for which function and their meaning.
At least I’m missing a brief howto for creating, updating or deleting
searches.

Thanks
Frank

Greetings @faunsen. We don’t have any public-facing API docs at the moment (we’re working to get that changed), but the API browser should show you what parameters are required for a call if you expand the specific endpoint you’re trying to use. Is there something specific you’re looking to do that the API browser doesn’t seem to be showing?

Hi @aaronsachs, thank you for the reply.
It wasn’t easy to sniff the network traffic and analyze the GUI with the developer tools.
But now I got most of the things running.
It would be very helpful if you could comment on what I have made.

  • Simple search:

    • create ids for search, query and search_type (MongoDB ObjectId?)
    • create a search (POST /views/search) with search_type ‘messages’
    • execute it (POST /views/search/<search_id>/execute)
  • Save search:

    • create ids for view, search, query and search_type
    • create a search (POST /views/search)
    • create a view (POST /views) and link the search via search_id
    • or update a view (PUT /views/<view_id>)
  • Aggregate fields from a search:

    • create a search with search_type ‘pivot’

Determining which parameters are mandatory and their meaning was the hardest part.
I couldn’t find anything about e.g. ViewDTO data type.
Or what the parameter rollup for the pivot search_type means.
Or what a query object looks like.

Thank you
Frank

Here are the JSON objects for the requests:

  • Create search
    {
       "queries" : [
          {
             "search_types" : [
                {
                   "query" : null,
                   "type" : "messages",
                   "filter" : null,
                   "decorators" : [],
                   "offset" : 0,
                   "id" : "5ff438549150ddc6b4ce531b",
                   "limit" : 20,
                   "sort" : [
                      {
                         "field" : "timestamp",
                         "order" : "ASC"
                      }
                   ],
                   "name" : null,
                   "streams" : [],
                   "timerange" : null
                }
             ],
             "query" : {
                "type" : "elasticsearch",
                "query_string" : "*"
             },
             "id" : "5ff438549150ddc6b4ce531a",
             "timerange" : {
                "type" : "absolute",
                "from" : "2021-01-05T09:58:24.000+01:00",
                "to" : "2021-01-05T11:08:24.000+01:00"
             }
          }
       ],
       "id" : "5ff438549150ddc6b4ce5319"
    }
  • Save search (create view)
    {
       "type" : "SEARCH",
       "id" : "5ff3487156581d5486cb2f52",
       "search_id" : "5ff438549150ddc6b4ce5319",
       "title" : "Search all",
       "state" : {}
    }
  • Aggregate fields
    {
       "queries" : [
          {
             "search_types" : [
                {
                   "id" : "5ff4367b006cfc944ed3fc22",
                   "column_groups" : [],
                   "rollup" : 1,
                   "type" : "pivot",
                   "row_groups" : [
                      {
                         "limit" : 10000,
                         "type" : "values",
                         "field" : "source"
                      }
                   ],
                   "series" : [],
                   "name" : null
                }
             ],
             "timerange" : {
                "type" : "absolute",
                "from" : "2021-01-05T09:50:51.000+01:00",
                "to" : "2021-01-05T11:00:51.000+01:00"
             },
             "id" : "5ff4367b006cfc944ed3fc21",
             "query" : {
                "type" : "elasticsearch",
                "query_string" : "*"
             }
          }
       ],
       "id" : "5ff4367b006cfc944ed3fc20"
    }
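
The "Simple search" steps listed above, as an added Python example that is not part of the original thread and not Graylog's own code. It builds the create and execute requests with an access token instead of a password and with the X-Requested-By header Graylog expects on non-GET calls. Assumptions: the base URL `https://graylog.example.org/api`, the token placeholder, the header value `api-example`, the empty execute body, and that ids only need the 24-hex ObjectId shape seen in the post.

```python
import base64, itertools, json, os, time
import urllib.request

_counter = itertools.count(int.from_bytes(os.urandom(3), "big"))

def new_id():
    # 24 hex chars laid out like a MongoDB ObjectId: 4-byte time, 5 random bytes,
    # 3-byte counter. Assumption: the server accepts any id of this shape.
    return (int(time.time()).to_bytes(4, "big") + os.urandom(5)
            + (next(_counter) % 2**24).to_bytes(3, "big")).hex()

def build_search(query_string, t_from, t_to, limit=20):
    # Same structure as the "Create search" object in the post.
    search_type = {"id": new_id(), "type": "messages", "limit": limit, "offset": 0,
                   "sort": [{"field": "timestamp", "order": "ASC"}],
                   "query": None, "filter": None, "name": None, "timerange": None,
                   "streams": [], "decorators": []}
    query = {"id": new_id(),
             "query": {"type": "elasticsearch", "query_string": query_string},
             "timerange": {"type": "absolute", "from": t_from, "to": t_to},
             "search_types": [search_type]}
    return {"id": new_id(), "queries": [query]}

def _post(url, token, body):
    # Access token as basic-auth user with the literal password "token";
    # X-Requested-By is required by Graylog on non-GET API calls.
    auth = base64.b64encode(f"{token}:token".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Basic {auth}", "Content-Type": "application/json",
                 "Accept": "application/json", "X-Requested-By": "api-example"})

def build_requests(base_url, token, search):
    # Step 2: POST /views/search, step 3: POST /views/search/<search_id>/execute.
    base = base_url.rstrip("/")
    create = _post(f"{base}/views/search", token, search)
    # Assumption: an empty JSON object is enough as the execute body.
    execute = _post(f"{base}/views/search/{search['id']}/execute", token, {})
    return create, execute

def send(req):
    # Performs the call over the network; not used by the offline demo below.
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    s = build_search("*", "2021-01-05T09:58:24.000+01:00", "2021-01-05T11:08:24.000+01:00")
    for r in build_requests("https://graylog.example.org/api", "CONSTRUCTED-TOKEN", s):
        print(r.get_method(), r.full_url)
```

Pass each returned request to `send()` in order; a token scoped to a read-only user keeps the script from holding more privilege than a search needs.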