REST API Get data Error

Belee05 · July 5, 2023, 7:24am

hi, all

curl --location 'http://192.168.3.31:9000/api/search/universal/absolute?query=private_ip%253A192.168.1.112&from=2023-07-05%252014%253A45%253A15.000&to=2023-07-05%252015%253A30%253A15.000&decorate=true' \
--header 'Authorization: Basic xxx' \
--header 'Cookie: authentication=xxx'

My graylog environment verison is 5.0.8+4c22532, deploying via docker. I request data with api-browser is worked, but it didn’t worked with Postman, curl, python etc. The error message is:must not be empty (path = Relative Search Resource.searchRelativeChunked.arg6, invalid Value = null).
What should I do in this situation? Thanks!!!

gsmith · July 6, 2023, 4:12am

Hey @Belee05

What are you trying to achieve?

Belee05 · July 6, 2023, 5:40am

Hi gsmith,
I’ m trying to search data via graylog rest api, such as: /search/universal/absolute. Some URI is worked, such as /api/cluster, but /search/universal/absolute is didn’t worked.
Do you have any solution to resolve this issue?

gsmith · July 6, 2023, 9:29pm

Hey @Belee05

What version of Graylog is installed? I just noticed that is Legacy API as of Version 4.3.

EDIT: I tested it out, the easiest way I can tell ya is naviagte to the API browser --> GET /search/universal/absolute
Plugged in all the info.

From there the output was null but the Request URL is available.

https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&limit=10&batch_size=500&fields=message

Results:

[root@graylog ~]# curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&limit=10&batch_size=500&fields=message
[1] 1342
[2] 1343
[3] 1344
[4] 1345
[5] 1346
[3]   Done                    to=2023-06-05T15%3A34%3A49.000Z
[root@graylog ~]#

Belee05 · July 7, 2023, 2:28am

Thanks for reply. My Graylog version is 5.1.2. Your Request URL is also available for me, but the output is not json format, because the data is json format on graylog database. I tested it on API browser, the output data is json format. These is any setting need to set?

Belee05 · July 7, 2023, 2:34am

There was two URI of /search/universal/absolute and the first URI return data is text format, the second is json format. You can test it in your environment.

gsmith · July 7, 2023, 2:40am

Hey @Belee05
Yeah I will, give me a sec

EDIT: I get yeah I seen that, Tested it for ya no issues.

[root@graylog prometheus]#  curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&decorate=true
[1] 25354
[2] 25355
[3] 25356
[2]-  Done                    from=2023-06-04T15%3A34%3A49.000Z
[root@graylog prometheus]# curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages&from=2023-06-04T15%3A34%3A49.000Z&to=2023-06-05T15%3A34%3A49.000Z&decorate=true
[4] 25426
[5] 25427
[6] 25428
[1]   Done                    curl -XGET -k https://domain.com:9000/api/search/universal/absolute?query=messages
[3]   Done                    to=2023-06-05T15%3A34%3A49.000Z
[5]-  Done                    from=2023-06-04T15%3A34%3A49.000Z
[root@graylog prometheus]#

gsmith · July 7, 2023, 2:46am

hey Just an FYI , Im running GL 4.3 so if you still having issues Im not 100% sure but it might be the version.

Belee05 · July 7, 2023, 3:48am

I get another URI:/views/search, the body arg as below. It can resolve my issue.

{
        "queries": [
          {
            "filter": {
              "filters": [
                {
                    "type": "stream",
                    "id": *stream*
                }
              ],
              "type": "or"
            },
            "timerange": {
                "type": "absolute",
                "from": fr,
                "to": to
            },
            "query": {
                "type": "elasticsearch",
                "query_string": rule
            },
            "search_types": [
                {
                    "limit": 10000,
                    "offset": 0,
                    "sort": [
                        {
                            "field": "timestamp",
                            "order": "DESC"
                        }
                    ],
                    "decorators": [],
                    "type": "messages",
                    "filter": null
                }
            ]
          }
        ]
    }

gsmith · July 7, 2023, 3:59am

Awesome @Belee05

Topic		Replies	Views
/api/search/universal/absolute 500 response on providing query in params field Graylog Central (peer support)	6	4935	July 26, 2018
Issue with REST API Graylog Central (peer support) elastic , script	2	214	January 23, 2025
Error when searching with API Graylog Central (peer support)	3	1850	December 4, 2020
REST API - /api/search/universal/absolute Endpoint Development	3	1329	February 28, 2023
After upgrade to version 4.1.6 request to API not working on 1'st node on graylog cluster Graylog Central (peer support)	4	1200	November 5, 2021

REST API Get data Error

Related topics