Belee05
July 5, 2023, 7:24am
1
hi, all
curl --location 'http://192.168.3.31:9000/api/search/universal/absolute?query=private_ip%253A192.168.1.112&from=2023-07-05%252014%253A45%253A15.000&to=2023-07-05%252015%253A30%253A15.000&decorate=true' \
--header 'Authorization: Basic xxx' \
--header 'Cookie: authentication=xxx'
My graylog environment verison is 5.0.8+4c22532, deploying via docker. I request data with api-browser is worked, but it didn’t worked with Postman, curl, python etc. The error message is:must not be empty (path = Relative Search Resource.searchRelativeChunked.arg6, invalid Value = null)
gsmith
July 6, 2023, 4:12am
3
Hey @Belee05
What are you trying to achieve?
Belee05
July 6, 2023, 5:40am
4
Hi gsmith,/search/universal/absolute /api/cluster
gsmith
July 6, 2023, 9:29pm
5
Hey @Belee05
What version of Graylog is installed? I just noticed that is Legacy API as of Version 4.3.
EDIT: I tested it out, the easiest way I can tell ya is naviagte to the API browser --> GET /search/universal/absolute
From there the output was null but the Request URL is available.
https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&limit=10&batch_size=500&fields=message
Results:
[root@graylog ~]# curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&limit=10&batch_size=500&fields=message
[1] 1342
[2] 1343
[3] 1344
[4] 1345
[5] 1346
[3] Done to=2023-06-05T15%3A34%3A49.000Z
[root@graylog ~]#
1 Like
Belee05
July 7, 2023, 2:28am
6
Thanks for reply. My Graylog version is 5.1.2. Your Request URL is also available for me, but the output is not json format, because the data is json format on graylog database. I tested it on API browser, the output data is json format. These is any setting need to set?
Belee05
July 7, 2023, 2:34am
7
There was two URI of
/search/universal/absolute and the first URI return data is text format, the second is json format. You can test it in your environment.
gsmith
July 7, 2023, 2:40am
8
Hey @Belee05
EDIT: I get yeah I seen that, Tested it for ya no issues.
[root@graylog prometheus]# curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&decorate=true
[1] 25354
[2] 25355
[3] 25356
[2]- Done from=2023-06-04T15%3A34%3A49.000Z
[root@graylog prometheus]# curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&decorate=true
[4] 25426
[5] 25427
[6] 25428
[1] Done curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages
[3] Done to=2023-06-05T15%3A34%3A49.000Z
[5]- Done from=2023-06-04T15%3A34%3A49.000Z
[root@graylog prometheus]#
gsmith
July 7, 2023, 2:46am
9
hey Just an FYI , Im running GL 4.3 so if you still having issues Im not 100% sure but it might be the version.
Belee05
July 7, 2023, 3:48am
10
I get another URI:/views/search , the body arg as below. It can resolve my issue.
{
"queries": [
{
"filter": {
"filters": [
{
"type": "stream",
"id": *stream*
}
],
"type": "or"
},
"timerange": {
"type": "absolute",
"from": fr,
"to": to
},
"query": {
"type": "elasticsearch",
"query_string": rule
},
"search_types": [
{
"limit": 10000,
"offset": 0,
"sort": [
{
"field": "timestamp",
"order": "DESC"
}
],
"decorators": [],
"type": "messages",
"filter": null
}
]
}
]
}
system
July 21, 2023, 4:00am
12
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
