
How to search messages using REST API

I am trying to use the REST API for searching through messages. I need to search for messages containing some string. I followed the documentation, created the token, and am able to access the APIs.

I don't know exactly how to use these APIs. Do I need to create a query first, or something else? Can someone give me an example endpoint so that I can search messages for any string?

Hey,

I do have a similar question as you do.

I have been using the /Legacy/Search/Absolute endpoint to search through messages, but it has been deprecated and it is going to be disabled as of 4.0.0. Currently you need to provide a Lucene query, a timerange start/end, as well as a comma-separated list of fields to return:

Unfortunately for us, some changes have been made there: namely, the response content type has been changed to plaintext/csv, and the fields variable became a requirement (previously it returned all fields by default).

I’ve been able to find this pull request in GL2 repo:

Unfortunately I was not able to find any documentation nor examples for Views API and I am as confused as you currently are.

Is there anyone that could explain and/or provide us with working examples? How can I search for particular query within a specified time frame using Views API?

Looking forward to your reply.

Edit: Forgot to add - I am currently on 3.3.6 and I am afraid of upgrading it further. It already made our integration non-functional for the time being.

To anyone interested: the documentation is lacking a proper description and the API responses are somewhat enigmatic, but I managed to make it work. If you would like to search for messages using the aforementioned endpoint, here's the JSON body you need to use:

[POST] /views/search/messages

{
  "streams": [
    "000000000000000000000001"
  ],
  "timerange": [
    "absolute",
    {
      "from": "2020-12-01T00:00:00.000Z",
      "to": "2020-12-01T15:00:00.000Z"
    }
  ],
  "query_string": { "type": "elasticsearch", "query_string": "your_query" }
}


If I want to get data from 1 hour ago until now, how can I set the timerange?

tks

Could you please tell me how to use it in curl?

thank you very much

One option would be to use the relative time.

Include the stream IDs you want to search in, include the query string in the query_string object, and set the time you want to search as relative.

The search below will return results as CSV (export).

## Search via Export API
curl -X "POST" "https://graylog.ch/api/views/search/messages" \
     -H 'X-Requested-By: Mamamia' \
     -H 'Content-Type: application/json' \
     -H 'Accept: text/csv' \
     -u 'admin:password' \
     -d $'{
  "streams": [
    "5e569003c793163fea1b3373"
  ],
  "query_string": {
    "type": "elasticsearch",
    "query_string": "section:boulder"
  },
  "timerange": {
    "type": "relative",
    "range": 30000
  }
}'

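The two answers above give the request body for an absolute window and a curl call with a relative window. The following Python script is an added example (not code from this thread or from the Graylog project) that builds both bodies, authenticates with an API token instead of a username and password, and builds a `field:value` clause in Graylog's Lucene-style search syntax, where the separator between field and value is a colon rather than `=`. Assumptions, labelled in the code: GRAYLOG_URL, GRAYLOG_TOKEN and STREAM_ID are placeholders read from the environment; the token is sent as HTTP basic auth with the token as the username and the literal password "token" (Graylog's API token scheme); the relative `range` is in seconds; each timerange is written in the exact shape the respective answer used (list form for absolute, object form for relative).

```python
"""Added example (not from the thread or the Graylog project): build the
Views search bodies shown above and send them with an API token.

Assumptions: GRAYLOG_URL, GRAYLOG_TOKEN and STREAM_ID are placeholders read
from the environment; token auth = basic auth with the token as username and
the literal password "token"; relative `range` is in seconds.
"""
import base64
import json
import os
import re
import urllib.request

# Characters the Lucene query parser treats specially (plus space). A value
# containing any of them is wrapped in double quotes so it matches literally.
_LUCENE_SPECIAL = re.compile(r'[+\-&|!(){}\[\]^"~*?:\\/ ]')


def field_query(field: str, value: str) -> str:
    """Build a `field:value` clause in Graylog's Lucene-style search syntax.

    The separator between field and value is ':'. A term written as
    `dstport=80` is not parsed as a field condition; it is searched as one
    literal word, which is why such a query finds nothing useful.
    """
    if _LUCENE_SPECIAL.search(value):
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        return f'{field}:"{escaped}"'
    return f"{field}:{value}"


def _body(streams, query, timerange):
    return {
        "streams": list(streams),
        "query_string": {"type": "elasticsearch", "query_string": query},
        "timerange": timerange,
    }


def relative_body(streams, query, seconds):
    """Body for 'the last N seconds until now' (last hour: seconds=3600).

    Same object shape as the curl answer; `range` is assumed to be seconds.
    """
    return _body(streams, query, {"type": "relative", "range": int(seconds)})


def absolute_body(streams, query, start_iso, end_iso):
    """Body for a fixed window, in the list shape the first answer used."""
    return _body(streams, query, ["absolute", {"from": start_iso, "to": end_iso}])


def search_messages(base_url, token, body, accept="text/csv", timeout=30):
    """POST the body to /api/views/search/messages and return the response text."""
    creds = base64.b64encode(f"{token}:token".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/views/search/messages",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/json",
            "Accept": accept,                     # text/csv, as in the curl example
            "X-Requested-By": "search-example",   # Graylog rejects API calls without it
        },
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    url = os.environ.get("GRAYLOG_URL")       # placeholder, e.g. https://graylog.example.com
    token = os.environ.get("GRAYLOG_TOKEN")   # placeholder: an API token you created
    # Default to the stream id used in the first answer (Graylog's "All messages").
    stream = os.environ.get("STREAM_ID", "000000000000000000000001")
    if not url or not token:
        raise SystemExit("set GRAYLOG_URL and GRAYLOG_TOKEN to run a live search")
    body = relative_body([stream], field_query("dstport", "80"), 3600)
    print(search_messages(url, token, body))
```

Run it with the three environment variables set to get the last hour of messages matching `dstport:80` as CSV. Keep the token out of shell history and scripts committed to version control; an API token grants the same access as the account that created it.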

thank you very very much

When the search keyword includes "=", like dstport=80,

I cannot get the correct result.

How can I do it?

tks
