We’re using Graylog 2.2.2 and when I try to query the search/universal/relative rest API in a JSON format, I get “total_results”:11090 but the messages array contains only 150 entries.
I didn’t find anything in the documentation limiting results to only 150 entries, but in the REST API browser, the only ‘Response Content Type’ I can select is ‘text/csv’.
This is the full command I’m using:
curl -u USER:PASS -H 'Accept: application/json' -X GET 'http://GRAYLOG_SERVER_ADDRESS/api/search/universal/relative?query=log_level%3AERROR&range=86400&fields=message%2Cservice-name'
We’re currently unable to upgrade Graylog (some devops schedule issue).
I think that the problem is due to the fact that there are a lot of results and the data comes chunked.
I’m using multiple queries with ‘limit’ and ‘offset’ parameters, but thought maybe there’s something I’m missing here.
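The limit/offset paging described in the post, as an added example that is not part of the original post and not Graylog's own code: it pages until `total_results` entries have been collected and reports whether the export is complete, which matters when the results feed detection or incident review. The `limit`, `offset`, `total_results` and `messages` names come from the post; the function names, the 150 page size and the fake server are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

BASE = "http://GRAYLOG_SERVER_ADDRESS/api/search/universal/relative"  # placeholder from the post

def build_url(query, range_s, fields, limit, offset):
    """URL for one page; limit and offset are the parameters named in the post."""
    params = {"query": query, "range": range_s, "fields": ",".join(fields),
              "limit": limit, "offset": offset}
    return BASE + "?" + urllib.parse.urlencode(params)

def http_page(user, password, query, range_s, fields):
    """Return fetch_page(limit, offset) doing the GET with Basic auth, like curl -u."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def fetch_page(limit, offset):
        req = urllib.request.Request(
            build_url(query, range_s, fields, limit, offset),
            headers={"Accept": "application/json", "Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch_page

def fetch_all(fetch_page, page_size=150):
    """Page until total_results entries are collected or a page comes back empty."""
    messages, total = [], 0
    while True:
        page = fetch_page(page_size, len(messages))
        total = page["total_results"]
        batch = page["messages"]
        messages.extend(batch)
        # The empty-page check stops the loop if the total changes while the
        # relative time window slides between requests.
        if not batch or len(messages) >= total:
            return messages, total, len(messages) == total

def fake_server(n):
    """Constructed stand-in for the API: n results, honours limit and offset."""
    data = [{"message": f"error {i}"} for i in range(n)]
    return lambda limit, offset: {"total_results": n, "messages": data[offset:offset + limit]}

if __name__ == "__main__":
    msgs, total, complete = fetch_all(fake_server(11090))
    print(len(msgs), total, complete)
```

Against a real server, pass `http_page(user, password, "log_level:ERROR", 86400, ["message", "service-name"])` as `fetch_page`; a `False` third return value means the collected set is shorter or longer than the reported total and should not be treated as a full export.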