REST API - Getting result in json format

Development
,
1

Hi,

I’m currently testing the REST API.

I succedded requesting searches. However I cannot obtain results in json format. It seems only text/csv is accepted as output format.

Does anyone know if there is an option for obtaining json format results.

The header Accept: application/json outputs this error:

{

    "type": "ApiError",

    "message": "HTTP 406 Not Acceptable"

}
2

Hello

Is this what you executed?

curl -u user:password -H 'Accept: application/json' -X GET

If so, then we know the 406 HTTP status means that if a web server detects that the data it wants to return is not acceptable to the client, it returns a header containing the 406 error code.

The client can define the characteristics of the data it will accept back from the web server by using the accept headers.

In this case you declare that you would like to accept application/json:

Request.AddHeader("Accept", "application/json");

I believe Graylog accepts this header already, unless something has changed.

Judging from Graylogs API browser the response content type is in application/json.

Can you execute the same search on the browser? System/Nodes → API browser.

image
image997×532 15 KB

This is unusual issue, since the request are enabled for application/json already. But the CSV export produces output with the MIME type text/csv, which you have to send in your HTTP Accept request header that’s the only one I know of. Can you show exactly what you executing? minus the personal information.

2 Likes
3

Here is the request :

curl -u user:password -H  'Accept: application/json' -H 'X-Requested-by: cli' -d "
{
  "streams": ["000000000000000000000001"],

  "query_string": {
    "type": "elasticsearch",
    "query_string": "_id:92586bc0-a9f6-11ec-943d-000c296b6849"
  },
  "timerange": {
    "type": "relative",
    "range": 0
  }
}"

Resulting :

{

    "type": "ApiError",

    "message": "HTTP 406 Not Acceptable"

}

I tried on the swagger interface and I discovered the response could only be set to text/csv format !

cap
cap1445×1543 148 KB

This must be due by the fact it is an export endpoint.

I found this endpoint: /search/universal/relative which is closer to what I expect. Its response is in json format.

Thanks again for your help @gsmith !

1 Like
4

Of course :+1: any time.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.