How to do aggregation by API in 4.x

Description of your problem

Get a better understanding of how to use View-API (/view/*) that can be seen in the next picture.
I have not found detailed documentation about the API, therefore I am unsure how to use it.

How API was used in Version 3.3

In Graylog version 3.3, I am using the legacy aggregation API that is deprecated in 4.x:
https://docs.graylog.org/en/3.3/pages/upgrade/graylog-3.3.html#deprecating-legacy-aggregation-api-endpoints

It is useful to automate and pull statistics based on certain fields, e.g. “counts for fieldname srccountry”.
See my following example.

```
curl -X GET  "https://graylog.net:9000/api/search/universal/relative/terms?field=srccountry&query=streams%3A5c6feab5e3ef56000b1456fb&range=3600" | json_pp


   "terms" : {
      "Bosnia and Herzegovina" : 1,
      "Indonesia" : 1,
      "Germany" : 22,
      "Ireland" : 5,
      "Luxembourg" : 2,
      "Singapore" : 6,
      "Denmark" : 3,
      "Lithuania" : 1,
      "Korea, Republic of" : 1,
      "Russian Federation" : 38,
      "Brazil" : 1,
      "Hong Kong" : 3,
      "Romania" : 1,
      "Egypt" : 1,
      "Switzerland" : 1,
      "United Kingdom" : 8,
      "China" : 52,
      "United States" : 89,
      "Ukraine" : 85,
      "Bulgaria" : 2,
      "Netherlands" : 40,
      "Canada" : 1,
      "Reserved" : 1,
      "Chile" : 1,
      "Japan" : 6,
      "France" : 1
   }
```

Can anyone help, explain or provide an example of how to use the 4.x API to build my example from the deprecated/legacy 3.3 API?

Many, many thanks!

Hello,
To help us help you better, we would need some more information. Check out this post for a better understanding.

Perhaps something in this post might help.

Hi gsmith,

thanks for your feedback.

  1. I’ll do better when posting a problem the next time!
  2. Your hints have been helpful. I managed to use the API endpoint /views/search/sync.

Many thanks

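The field count from the question, rebuilt for the /views/search/sync endpoint named in the last reply, as an added example that is not part of the original thread and not Graylog's own code. The request body (a `pivot` search type grouped by the field), the response layout, the `X-Requested-By` header and the token-as-basic-auth scheme are assumptions about the 4.x views API to verify against your instance's API browser; the ids `q1` and `terms`, the function names and the sample response are constructed.

```python
import base64, json, urllib.request

def build_terms_search(field, query, range_seconds, limit=50):
    """Body for POST /api/views/search/sync: one pivot that counts messages per `field` value."""
    return {"queries": [{
        "id": "q1",  # constructed id, echoed back as a key in the response
        "timerange": {"type": "relative", "range": range_seconds},
        "query": {"type": "elasticsearch", "query_string": query},
        "search_types": [{
            "id": "terms", "type": "pivot", "rollup": True,
            "row_groups": [{"type": "values", "field": field, "limit": limit}],
            "column_groups": [], "sort": [],
            "series": [{"id": "count()", "type": "count"}],
        }],
    }]}

def extract_terms(response, query_id="q1", search_type_id="terms"):
    """Flatten pivot rows into {term: count}, the shape of the 3.3 "terms" object."""
    rows = response["results"][query_id]["search_types"][search_type_id]["rows"]
    terms = {}
    for row in rows:
        if row.get("source") != "leaf" or not row.get("key"):
            continue  # skip the rollup (grand total) row, which has an empty key
        terms[row["key"][0]] = row["values"][0]["value"]
    return terms

def run_search(base_url, token, body):
    """Send the search; the access token is the basic-auth user, the password is 'token'."""
    auth = base64.b64encode(f"{token}:token".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/api/views/search/sync", data=json.dumps(body).encode(),
        headers={"Authorization": f"Basic {auth}", "Content-Type": "application/json",
                 "Accept": "application/json", "X-Requested-By": "terms-example"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed sample response (assumed layout), so the parser can be run offline.
SAMPLE_RESPONSE = {"results": {"q1": {"search_types": {"terms": {"rows": [
    {"key": ["Germany"], "source": "leaf",
     "values": [{"key": ["count()"], "value": 22, "rollup": True, "source": "row-leaf"}]},
    {"key": ["Ireland"], "source": "leaf",
     "values": [{"key": ["count()"], "value": 5, "rollup": True, "source": "row-leaf"}]},
    {"key": [], "source": "non-leaf",
     "values": [{"key": ["count()"], "value": 27, "rollup": True, "source": "row-inner"}]},
]}}}}}

if __name__ == "__main__":
    body = build_terms_search("srccountry", "streams:5c6feab5e3ef56000b1456fb", 3600)
    print(json.dumps(body, indent=2))
    print(extract_terms(SAMPLE_RESPONSE))
```

Against a live server, pass the result of `run_search(base_url, token, body)` to `extract_terms` in place of the sample, using a read-only account's access token rather than an admin password in the script.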