Graylog API message through curl not fetching data

(Raju) #1

Hi Team,

I am facing difficulties to fetch graylog api messages through curl command. Through API browser, I am able to retrieve messages via " [Search/Relative]: Message search" with below request url. But, i am facing difficulties to retrieve the same messages through curl command.

request url in api browser section::

[[zhsucms@Serverhost1 ~]$ curl -v --user support_gray:leo$123 -X GET ‘http://grayloghostname :12900/search /universal/relative?query=CV547&range=86400&fields=message%2Csource’

  • About to connect() to grayloghostname port 12900 (#0)
  • Trying… connected
  • Connected to grayloghostname (grayloghostip) port 12900 (#0)
  • Server auth using Basic with user ‘support_gray’

GET /search /universal/relative?query=CV547&range=86400&fields=message%2Csource HTTP/1.1
Authorization: Basic c3VwcG9ydF9ncmF5OmxlbzIz
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: grayloghostserver:12900
Accept: /

< HTTP/1.1 505 HTTP Version Not Supported
< Date: Thu, 18 Oct 2018 07:06:45 GMT
< Connection: close
< Content-Length: 0

  • Closing connection #0

Please help me to retrieve the messages through curl command.

(Raju) #2


Could you please help me on above. I needed this for automation.

(Jan Doberstein) #3

The user @graylogDev is not related to the Graylog Project or Company …

if you need time-sensitive support, please contact Graylog sales to get the official support that follows any kind of SLA.

For me the following is working:

curl -X GET  "https://graylog.local.lan/graylog/api/search/universal/absolute?query=source%3Arpi.lan&from=2018-10-16T12%3A00%3A00.000Z&to=2018-10-16T16%3A00%3A00.000Z&fields=source%2cmessage"

It will return a json of the result and the requested fields. I have no authentication Information in this string because I use a Proxy that make use of the SSO Plugin to authenticate. You have the URL in the API Browser to be used - your formatting does not allow to debug whatever you try to say.

(Raju) #4

Hi @jan, Thanks for your response on my query.

Below is the command that i am using.

curl --user support_gray:leo$123 -H ‘Accept: application/json’ -X GET “”

(Jan Doberstein) #5

I see nothing wrong - the only wrong ", might because of copy&paste error …

(Raju) #6

Hi @jan,

Thanks for your each and every response.

I have one more query regarding this.

Do we have separate url’s for graylog dashboard and for API requests? . Currently, I am accessing the curl through dashboard url and the url which i got in the graylog rest api browser[search/relative:message search] request url section.

If we have separate url for API requests then please let me know how to get those link and to search the messages with it.

Using the Url from “Request Url” section

(Jan Doberstein) #7

The URL is what you see in the Request URL - no matter if that is made by the web interface or your curl.

(Raju) #8

Hi @jan,

Thank you so much.

I got the issue, its due to ‘$’ character in password. It’s actually an issue with curl. I thought its due to some permissions or any issue with graylog API. But, finally it’s due special symbol in my password.

For the above url, i tried like below and able to get messages.
–user support_gray:leo/$123

(system) #9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.