Hi All,
I’m hoping you can help me. I’m trying to use the REST API to search for messages.
I have been able to successfully get results from the views/search/messages endpoint, but the response is CSV and seems to truncate long messages.
It seems like I should be able to use views/search/sync to perform the same search, but I haven’t had any success.
Here’s how I’m getting the CSV search results:
curl \
  -X POST "https://graylog/api/views/search/messages" \
  -u 'XXXXXX:XXXXXX' \
  -H 'X-Requested-By: clag' \
  -H 'Content-Type: application/json' \
  -H 'Accept: text/csv' \
  -d $'{
    "streams": [ "601b4e875c22306d40d53109" ],
    "query_string": { "type": "elasticsearch", "query_string": "LoggingInterceptor" },
    "timerange": { "type": "relative", "range": 30000 }
  }'
This is my current attempt to use views/search/sync instead:
curl \
  -X POST "https://graylog/api/views/search/sync" \
  -u 'XXXXXX:XXXXXX' \
  -H 'X-Requested-By: clag' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d $'
{
  "queries":
  [
    {
      "id": "blah",
      "query":
      {
        "type": "elasticsearch",
        "query_string": "LoggingInterceptor"
      },
      "timerange": { "type": "relative", "range": 3600 }
    }
  ]
}'
I don’t get any errors, but I don’t get any results. It seems like I’m pretty close to an answer, but I’m stumped at the moment.
Graylog version is 3.3.
Thanks in advance,
Jeremy