Inconsistent Data Retrieval from Graylog API Endpoint 'api/search/universal/relative'

I’m using Graylog version 5, and I’m encountering intermittent issues while fetching data from the ‘api/search/universal/relative’ API endpoint. Despite multiple attempts, the data retrieval appears to be inconsistent, and there seems to be no apparent pattern to this behavior. I would appreciate any insights or potential solutions regarding this matter.

Please provide some more details

  • the API request
  • returned data (redacted as necessary)
  • expected data
  • how is the result inconsistent?

When I say inconsistent, I mean that the API sometimes returns data, and sometimes it returns empty results with a status of 200. empty data means nothing in the response just a white screen.

please take a look at the below screenshots.

Response with Data (
Empty Response with Status 200 (

Could you also paste the full HTTP request? Thx.

Yes, here is the HTTP request<6&batch_size=500&fields=Project,level,message&range=86400&limit=5000

Have you set the accept header? There are 2 versions of this API: CSV and JSON. If you don’t set the header it’s uncertain which one you get.

My other hunch is that it is related to the chunked CSV response. Do you see the issue when selecting JSON response type?

Hi, thank you for pointing me in the right direction. I just modified the accept header from ‘text/csv’ to ‘application/json,’ and it appears to be functioning properly now. However, the total records that the API returns are different from what I see on the Graylog dashboard. For instance, if a project has 230 log counts on the Graylog dashboard, the API returns twice that amount, resulting in 460 log counts.

Please capture the search request that is generated in the UI via browser devtools.
Should become evident then what is going on.

please take a look at this

The Graylog UI communicates with the server exclusively via the public APIs. Since the results are different, there must be a difference in the API call from the UI and the API call you are submitting.
Capture the API call from the UI via the browser tools. Compare that to your manually generated API request.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.