Which API to use to query the number of logs from a host?

Hello everyone,
I have Graylog with two streams with four hosts each. Now I would like to use the API to query whether each server has written logs in the last hour, for example. What is the easiest API query to do this with?
At the moment I am trying in vain with the “views/search” function. I also did some research and found out that you can do it with “search/universal”. However, I can’t find the version in my current version. Can someone help me please? I really can’t get any further.

Hello,

Correct me if I’m wrong, but this looks like the same post/question?

If not, have you tried to get a single value of a widget in Graylog using the API?
Graylog has a default dashboard called “Sources”. Within that dashboard is a widget called “Selected Sources”.

Perhaps you can get the for Dashboard --> Widget --> Source

Example:

Dashboard Views API

Dashboard Sources results w/ widget IDs

      "id": "5e4355886704f1e20679f322",
      "type": "DASHBOARD",
      "title": "Sources",
      "summary": "This is a list of all sources that sent in messages to Graylog.",
      "description": "This is a list of all sources that sent in messages to Graylog. You can narrow the timerange by zooming in on the message histogram, or you can increase the time range by specifying a broader one in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add additional widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs.",
      "search_id": "629834111d8b91a644ae6d9b",
      "properties": [],
      "requires": {},
      "state": {
        "a1647eb6-a064-4fe6-b459-1e4267d3f659": {
          "selected_fields": null,
          "static_message_list_id": null,
          "titles": {
            "tab": {
              "title": "Sources Overview"
            },
            "widget": {
              "6c127c5d-be75-4157-b43f-ac0194ac0586": "Selected sources",     
              "00637e63-d728-4b3e-932b-7c8696b4855d": "Messages over time",
              "9c8c9d14-5c29-4a17-a958-d9ac80eff0a2": "Number of Sources",             
              "92d63811-e4dd-47db-bd3b-db03c8a9bd53": "Messages per Source"
            }
          },

Selected Sources Widget information. Noticed the “_id” matches.

{
              "id": "6c127c5d-be75-4157-b43f-ac0194ac0586",
              "type": "aggregation",
              "filter": null,
              "timerange": {
                "type": "relative",
                "range": 3600
              },
              "query": {
                "type": "elasticsearch",
                "query_string": ""
              },
              "streams": [],
              "config": {
                "row_pivots": [
                  {
                    "field": "source",
                    "type": "values",
                    "config": {
                      "limit": 60
                    }
                  }
                ],

You may want to look at this documentation.

Hope that helps.
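
An added example (not part of the replies above, and not Graylog's own code) of the approach the answer points to: run the same aggregation as the “Selected sources” widget (relative range 3600, row pivot on `source`) and compare the result with the hosts you expect. The host names, the `/api/views/search/sync` path, the access-token authentication and the response shape are assumptions to check against the API browser of your Graylog version; the sample response is constructed.

```python
import base64, json, urllib.request

# Constructed inventory of hosts that should be logging (hypothetical names).
EXPECTED_HOSTS = {"web01", "web02", "db01", "db02"}

def build_search(range_seconds=3600, limit=60):
    """Search body mirroring the widget: relative range, row pivot on 'source'."""
    return {"queries": [{
        "id": "q1",
        "timerange": {"type": "relative", "range": range_seconds},
        "query": {"type": "elasticsearch", "query_string": ""},
        "search_types": [{
            "id": "per_source", "type": "pivot", "rollup": True,
            "row_groups": [{"type": "values", "field": "source", "limit": limit}],
            "column_groups": [], "sort": [],
            "series": [{"id": "count()", "type": "count"}],
        }],
    }]}

def run_search(base_url, token, body):
    """POST the search. Path, header and token auth are assumptions to verify."""
    auth = base64.b64encode(f"{token}:token".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/api/views/search/sync", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Basic {auth}",
                 "X-Requested-By": "host-check"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def counts_per_source(response):
    """Map source -> message count, skipping the rollup (total) row."""
    rows = response["results"]["q1"]["search_types"]["per_source"]["rows"]
    return {r["key"][0]: r["values"][0]["value"] for r in rows if r["key"]}

def silent_hosts(response, expected):
    """Expected hosts with no messages in the range. 'limit' must exceed the
    number of sources, or a truncated host would be reported as silent."""
    counts = counts_per_source(response)
    return sorted(h for h in expected if counts.get(h, 0) == 0)

# Constructed response in the assumed shape; db02 sent nothing in the last hour.
SAMPLE_RESPONSE = json.loads("""{"results": {"q1": {"search_types": {"per_source": {"rows": [
  {"key": ["web01"], "source": "leaf", "values": [{"key": ["count()"], "value": 1520}]},
  {"key": ["web02"], "source": "leaf", "values": [{"key": ["count()"], "value": 37}]},
  {"key": ["db01"],  "source": "leaf", "values": [{"key": ["count()"], "value": 904}]},
  {"key": [], "source": "non-leaf", "values": [{"key": ["count()"], "value": 2461}]}
]}}}}}""")

if __name__ == "__main__":
    print(silent_hosts(SAMPLE_RESPONSE, EXPECTED_HOSTS))
```

Against a live server, pass the result of `run_search(base_url, token, build_search())` to `silent_hosts` in place of the sample.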
