he
Search via API is different in 4.0 and the documentation lags behind …
The “best” way currently is to use the export API:
## Search via Export API
```bash
curl -X "POST" "https://graylog/api/views/search/messages" \
     -H 'X-Requested-By: Mamamia' \
     -H 'Content-Type: application/json' \
     -H 'Accept: text/csv' \
     -u 'USER:PASSWORD' \
     -d $'{
  "streams": [
    "5e569003c793163fea1b3373"
  ],
  "query_string": {
    "type": "elasticsearch",
    "query_string": "section:boulder"
  },
  "timerange": {
    "type": "relative",
    "range": 30000
  }
}'
```
You might want to adjust the streams you want/can search in and the query_string, and your Graylog URL and username/password or token.