Searching messages from a stream via the REST API


I’m having difficulties searching messages from a stream via the REST API. Graylog is version 2.1.3.

I’m able to search using the admin user with the “Search/Absolute : Message search” API feature, but I have a need to search from a stream with a user that only has privileges to that particular stream.

I have tried the following command without success:
curl --user <streamUser>:<userPwd> -H 'Accept: application/json' -X GET "<streamID>/search?rangetype=relative&fields=message%2Csource&width=1440&highlightMessage=&relative=300&q=error"

The response will be:
{"type":"ApiError","message":"HTTP 404 Not Found"}

If I omit the -H 'Accept: application/json' parameter, curl outputs some HTML so no luck there either.

Although the same conditions return plenty of messages when performed via the Graylog web interface.

So, is there a way to get this done? If so, could you please enlighten me what is the proper format for searching stream messages via the REST API. Thanks. :slight_smile:

Stream search is simply using the universal search (e. g. /search/universal/absolute) and adds a filter (streams:<STREAM_ID>) to it.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.