Searching via REST API

nordsan · November 15, 2022, 1:36pm

Hi,
Which REST API endpoint should be used for searching? /api/search/universal/relative makes sense, but it is listed as “Legacy”. Also, I can’t seem to figure out which roles/permissions my user should have to be granted access to this endpoint. “Admin” works, but “Reader” only returns 403 - I can’t seem to find any Roles that are “in between” Admin and Reader. I’d just like my token to have the permission to search logs.
I also tried using the /api/views/search API and POSTing the following:

{
  "parameters": [],
  "queries": [
    {
      "search_types": [],
      "query": {"type": "elasticsearch","query_string": "*"},
      "timerange": {
        "type": "relative",
        "range": "3000000"
      }
    }
  ]
}

The response contains:

{"id":"63739930527a3b7ac90e10ab","queries":[{"id":"78e13a19-2093-41be-bc92-29b5d31b4fc3", ... }

I can’t seem to understand how to proceed from this. Calling /execute with the same ID returns MissingStreamPermission and GETing /api/views/search/63739930527a3b7ac90e10ab simply returns the same query I sent.

How should I be using search via the REST API? What am I missing?

Thanks

gsmith · November 16, 2022, 12:51am

Hello @nordsan
Lots of questions and I try to answer them best as I can.

Chances are when seeing that, it might get replaced or deleted from the API list.

The roles you see under roles that is it.
Example I have a user with "reader " role, Admin has to give permission to individual Streams, Dashboards , etc… This is done through “Shared” button. Kind of like a two step process.

There is a user and password need to access the API’s, I do believe this was answered here in the forum a couple times. Short answer I think it admin role needed.

Not sure but I would look at these links for clarification on Graylog versions.

I think this is the Schema needed for POST.
/api/views/search

{
  "id": "string",
  "parameters": [
    {
      "name": "string",
      "data_type": "string",
      "binding": {
        "type": "string"
      },
      "description": "string",
      "optional": "boolean",
      "default_value": "any",
      "title": "string",
      "type": "string"
    }
  ],
  "queries": [
    {
      "timerange": {
        "type": "string"
      },
      "query": {},
      "streams": [
        "string"
      ],
      "id": "string",
      "search_types": [
        {
          "filter": "object",
          "timerange": "any",
          "query": {},
          "streams": [
            "string"
          ],
          "name": "string",
          "id": "string",
          "type": "string"
        }
      ]
    }
  ]
}

system · November 30, 2022, 12:52am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog live demo server (REST API) Development	4	642	November 30, 2022
REST API Search authorization Graylog Central (peer support)	2	3900	May 24, 2017
Search API Endpoint - Good practices Graylog Central (peer support) documentation , automation	3	475	February 7, 2024
Searching messages from a stream via the REST API Graylog Central (peer support)	2	12539	September 12, 2017
User always denied API access Graylog Central (peer support)	5	1544	October 18, 2019

Searching via REST API

Related topics