Using the Scroll api over Graylog REST API call

Hi,

could somebody give me a hint, how to make use of the “scroll” feature in REST API calls? I need to fetch a result greater than 10.000 messages without messing around with index.max_result_window (won’t help that much, because the result will contain >500K messages). I’m using python and the endpoints /api/search/universal/relative and /api/search/relative/absolute for the query.

Cheers,
Martin

To check the original WUI is always a good idea.
I did it, and my browser use the following url when I scroll the page.

http://IP:9000/api/search/universal/relative?query=%2A&range=300&limit=150&offset=150&sort=timestamp%3Adesc

In your case the &limit=150&offset=150 will be the key.

Hi macko003,

thanks for your help. That solution sounds pretty good, but I’m wondering how the WUI gets this information

Found 246,742 messages in 48 ms, searched in 10
indices<https://<hostname>/search?rangetype=relative&fields=message%2Csource&width=1922&highlightMessage=&relative=86400
&q=source%3Afoo%20AND%20message%3A%22bar%22>

Because I need the total amount messages to iterate through all the pages using limit and offset.

Cheers,
Martin

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.