Searching for messages using the REST API: json vs csv

Hi All,

I’m hoping you can help me. I’m trying to use the REST API to search for messages.

I have been able to successfully get results from the views/search/messages endpoint but the response is csv and seems to truncate long messages.

It seems like I should be able to use views/search/sync to perform the same search but I haven’t had any success.

Here’s how I’m getting the csv search results:

curl \
     -X POST "https://graylog/api/views/search/messages" \
     -u 'XXXXXX:XXXXXX' \
     -H 'X-Requested-By: clag' \
     -H 'Content-Type: application/json' \
     -H 'Accept: text/csv' \
     -d $'{
  "streams": [ "601b4e875c22306d40d53109" ], "query_string": { "type": "elasticsearch", "query_string": "LoggingInterceptor" }, "timerange": { "type": "relative", "range": 30000 } }'

This is my current attempt to use views/search/sync instead:

curl \
     -X POST "https://graylog/api/views/search/sync" \
     -u 'XXXXXX:XXXXXX' \
     -H 'X-Requested-By: clag' \
     -H 'Content-Type: application/json' \
     -H 'Accept: application/json' \
     -d $'
{
  "queries":
  [
   {
    "id": "blah",
    "query":
    {
      "type": "elasticsearch",
      "query_string": "LoggingInterceptor"
    },
    "timerange": { "type": "relative", "range": 3600 }

   }
  ]
}'

I don’t get any errors but I don’t get any results. It seems like I’m pretty close to an answer but I’m stumped at the moment.

Graylog version is 3.3

Thanks in advance,
Jeremy

Hello @Jeremy && Welcome

Just touching base, I haven’t used the 3.3 version in a couple of years. I know there was some change in the APIs but I forgot. I’ll have to go through my notes & see what I can find, unless someone here jumps in.

Here are some old docs you can go through.

Thanks for the response. I will have some time next week to look at this again and I’ll get back to you one way or the other.