API Documentation

The following is a list of APIs that you can use to interact with Loggly from your own software.

General API Information

To access the APIs, use your own subdomain, such as pixlcloud.loggly.com. All API calls require authentication. We support BASIC Auth and cookie-based authentication.

The APIs that are documented below are the ones we are officially supporting. There are others and if you happen to find them, use them at your own risk. We will be adding more API calls here as soon as they are ready for public consumption.

The URL to hit the APIs is: http://[domain].loggly.com/api/[endpoint]

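To get a secure connection, you can use https for the APIs as well! BASIC Auth sends the username and password base64-encoded, not encrypted, so use https whenever you send credentials.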

Search API

Endpoint: search/
Description:
Lets the user search his data.
Parameters:

Required:

  • q, which is the search string. See search guide for more information. Examples are:
    • q=inputname:loggly -- all the data from the input with name loggly
    • q=log* -- anything starting with log
Optional:
  • rows, 10 by default - how many rows should be displayed at max
  • start, 0 by default - gives the offset into the search. You can start at 10, which will omit the first 9 results.
  • from, is set to 24 hours into the past (NOW-24HOURS) by default -- see solr for exact format
  • until, is set to NOW by default -- see solr for time format
  • order, desc by default = [asc|desc]
  • callback, if you are doing a JSONP call, you can set the callback method for Loggly to return a JSONP formatted response. (See our blog entry for more information).
  • format, json by default = [json|xml|text] - specifies the output format. You can have JSON, XML, or plain-text output.
  • fields, define what fields should be output in the data section of the output. By default all fields are returned. Valid values are: id,timestamp,ip,inputname,text. You can specify multiple fields by separating them with a comma. For example: &fields=ip,text
Notes:
  • When passing in time differences, make sure you are encoding + as %2B
    Example: until=201005-13T16:00:00PDT%2B1HOUR

Output:
Regular search (list of dictionaries)
{
  "data": [
    {
      "timestamp": "2010-02-17 02:08:45.912-0700",
      "inputname": "solrclient",
      "ip": "127.0.0.1",
      "text": "btpool0-87 SolrCore.execute INFO: [repo_6] webapp=/solr path=/select/ params={sort=timestamp+desc&start=0&q=404&version=2.2&rows=100} hits=7182 status=0 QTime=0 \n"
    },
    {
      "timestamp": "2010-02-17 02:08:29.123-0700",
      "inputname": "solrclient",
      "ip": "127.0.0.1",
      "text": "btpool0-87 SolrCore.execute INFO: [repo_6] webapp=/solr path=/select/ params={sort=timestamp+desc&start=0&q=404&version=2.2&rows=100} hits=7182 status=0 QTime=3 \n"
    }
  ],
  "numFound": 2070,
  "context": {
    "rows": 10,
    "from": "NOW-1DAY",
    "until": "NOW",
    "start": 0,
    "query": "404",
    "order": "desc"
  }
}

The above example was generated with: curl -u [user]:[pass] 'http://[domain].loggly.com/api/search?q=404'

Facet API

Endpoint: facet/[date|ip|input]/
Description:
Lets the user search his data and returns facets for it. Use either field: date, ip, or input to retrieve facets for either of these fields.
Parameters:

Required:

  • q, which is the search string. See search guide for more information. Examples are:
    • q=inputname:loggly -- all the data from the input with name loggly
    • q=log* -- anything starting with log
Optional:
  • from, is set to 24 hours into the past (NOW-24HOURS) by default -- see solr for exact format
  • until, is set to NOW by default -- see solr for time format
  • buckets, not set by default, only valid if facets=true - defines into how many buckets the time range should be split. Note that if the time range cannot be divided into the number of buckets (on a second granularity), it will create one more bucket than requested.
  • gap, +1HOUR by default, only valid if facets=true - defines the gap between buckets
  • facetby, not set by default, only valid if facets=true - facetby = [ip|inputname|text] - defines a field to run the facets over.
  • callback, if you are doing a JSONP call, you can set the callback method for Loggly to return a JSONP formatted response. (See our blog entry for more information).
  • format, json by default = [json|xml] - specifies the output format. You can have either JSON or XML output.
Notes:
  • When passing in gaps or time differences, make sure you are encoding + as %2B
    Example: until=201005-13T16:00:00PDT%2B1HOUR

Output: Facet search (a single dictionary, note that the data is not sorted!)

{
  "numFound": 1484,
  "gap": "+30MINUTES",
  "gmt_offset": "-0700",
  "start": 0,
  "context": {
    "rows": null,
    "from": "NOW-1DAY/HOUR",
    "until": "NOW+1HOUR/HOUR",
    "start": 0,
    "query": "404",
    "order": "desc"
  },
  "data": {
    "2010-05-13 11:00:00.123-0700": 3060,
    "2010-05-13 15:57:10.223-0700": 1457,
    "2010-05-13 20:54:20.232-0700": 5772,
    "2010-05-14 06:48:40.233-0700": 1347,
    "2010-05-14 01:51:30.235-0700": 644,
    "2010-05-14 11:45:50.345-0700": 0
  }
}


The above example was generated with: curl -u [user]:[pass] 'http://[domain].loggly.com/api/facets/date/?q=404'

Examples

The easiest way to access the APIs is to use CURL or WGET. For example, to execute a search, this is how you can use curl to do so:

curl -u [user]:[pass] 'http://[domain].loggly.com/api/search?q=404'

Don't forget to replace [user] with your username, for example raffy, the [pass] with your password, and [domain] with your subdomain.
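
The rule from the Search and Facet notes (encode + as %2B), as an added example that is not Loggly's own code: a POSIX shell helper that percent-encodes every parameter value, builds the https URL, and lets curl read the password from a netrc file instead of passing it with -u on the command line. The subdomain "example", the function names and the netrc file are assumptions.

```shell
# Added example: build a Loggly search URL with safely encoded parameters.

# Percent-encode everything except RFC 3986 unreserved characters,
# so "+" in a time expression becomes %2B as the notes require.
urlencode() {
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # unreserved byte (0-9 A-Z a-z - . _ ~): emit it unchanged
                printf "\\$(printf '%03o' "0x$hex")" ;;
            *)
                # anything else: %XX with upper-case hex digits
                printf '%%%s' "$hex" | tr 'a-f' 'A-F' ;;
        esac
    done
}

# loggly_search_url SUBDOMAIN key=value...
# Prints the https search URL; only the values are encoded.
loggly_search_url() {
    domain=$1; shift
    url="https://${domain}.loggly.com/api/search?"
    sep=''
    for pair in "$@"; do
        url="${url}${sep}${pair%%=*}=$(urlencode "${pair#*=}")"
        sep='&'
    done
    printf '%s\n' "$url"
}

# loggly_search NETRC_FILE SUBDOMAIN key=value...
# The netrc file (assumed to hold "machine ... login ... password ...")
# keeps the password out of the process list and shell history.
loggly_search() {
    netrc=$1; shift
    curl -sS --fail --netrc-file "$netrc" "$(loggly_search_url "$@")"
}
```
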

Command Line Manipulation

Here is another example that we like to use here at Loggly to mimic command line behavior and use UNIX commands to operate on our log data:

curl -u [user]:[pass] 'http://[domain].loggly.com/api/search?q=404&format=text&fields=text'

This will generate plain text results of just the original log records. You can then use any UNIX command to process your data further by piping the results into it:

curl -u [user]:[pass] 'http://[domain].loggly.com/api/search?q=404&format=text&fields=text' | awk -F, '{print $4}'


Return Codes

When querying the APIs, you will receive an HTTP return code that tells you whether your request was successful or not.

200 OK - Indicates that the request was successful.
201 Created - The object was successfully created. This is for a POST call.
204 Deleted - The object was deleted. This pertains to DELETE calls.
400 Bad Request - Check your request parameters. You might be using an unsupported parameter or have malformed something.
401 Unauthorized - The credentials you specified were invalid.
403 Forbidden - User does not have privileges to execute the action.
404 Not Found - The resource you have referenced could not be found.
409 Conflict/Duplicate - There was some conflict. Most likely you are trying to create a resource that already exists.
410 Gone - You have referenced an object that does not exist.
500 Internal Server Error - There has been an error from which Loggly could not recover. It is likely that the error is a bug on Loggly's side. Support automatically receives notifications of these errors.
501 Not Implemented - You are trying to access functionality that is not implemented. If you feel this is a mistake, let us know.
503 Throttled - Your request was throttled. This can happen if you are issuing too many requests in a short amount of time. Back off for a while and try again.
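
How a script might act on these codes, as an added example that is not Loggly's own code: retry only on 503 with a doubling delay, and stop at once on 401 or 403. The function names, the LOGGLY_* variables and the exit statuses 1 to 4 are assumptions made for this example.

```shell
# Added example: act on the return codes above instead of retrying blindly.
# LOGGLY_FETCH is a hypothetical hook so the HTTP call can be stubbed offline.
LOGGLY_FETCH=${LOGGLY_FETCH:-loggly_fetch}
LOGGLY_MAX_TRIES=${LOGGLY_MAX_TRIES:-5}
LOGGLY_BACKOFF=${LOGGLY_BACKOFF:-2}     # seconds, doubled after each 503

# loggly_fetch URL NETRC_FILE
# Prints the response body, then the HTTP status code on a final line.
loggly_fetch() {
    curl -sS --netrc-file "$2" -w '\n%{http_code}\n' "$1"
}

# loggly_get URL NETRC_FILE
# Returns 0 and prints the body on 200. Other statuses (assumed here):
# 2 = credentials or privileges, 3 = still throttled, 4 = server side,
# 1 = any other failure.
loggly_get() {
    try=1
    delay=$LOGGLY_BACKOFF
    while :; do
        out=$("$LOGGLY_FETCH" "$1" "$2") || return 1
        code=$(printf '%s\n' "$out" | tail -n 1)
        case "$code" in
            200)
                printf '%s\n' "$out" | sed '$d'   # drop the status line
                return 0 ;;
            503)
                # Throttled: back off, then retry a bounded number of times.
                if [ "$try" -ge "$LOGGLY_MAX_TRIES" ]; then return 3; fi
                sleep "$delay"
                delay=$((delay * 2))
                try=$((try + 1)) ;;
            401|403)
                # Resending rejected credentials will not help; fail now.
                echo "loggly: access denied (HTTP $code)" >&2
                return 2 ;;
            500|501)
                echo "loggly: server-side error (HTTP $code)" >&2
                return 4 ;;
            *)
                echo "loggly: request failed (HTTP $code)" >&2
                return 1 ;;
        esac
    done
}
```
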
