Retrieving Events via the APIs

Loggly APIs are accessed using your account's subdomain. An example of a subdomain+loggly.com address is pixlcloud.loggly.com. Loggly's APIs require authentication, and OAuth, BASIC Auth, and cookie-based authentication are supported.

Note: The API methods documented below are the 'official' APIs, but there are other methods that you may discover by sniffing the UI's traffic from your browser. If you happen to find and use these, please do so at your own risk. We will be adding more API calls here as soon as they are ready for public consumption. While we are keen on not changing the calls around on users, we may from time to time be required to update the methods.

Here's the layout of the URLs used to access our APIs:

http://[domain].loggly.com/api/[endpoint]

You can also use HTTPS to access the APIs:

https://[domain].loggly.com/api/[endpoint]

Search Methods

The search methods can return raw events, metadata we know about the events, and summary data (facets) on the events. By default, search contexts are constrained to the last 24 hours (relative time) and search across all inputs and devices.

Search URI

/search/
HTTP GET

Provides search results from an account.

Required Parameters

Property   Description
q          String to search. See the Search Guide for reference on the Loggly query language.

Optional Parameters

Property   Description
rows       Number of rows returned by search. Defaults to 10.
start      Offset for starting row. Defaults to 0.
from       Start time for the search. Defaults to NOW-24HOURS.
until      End time for the search. Defaults to NOW.
order      Direction of results returned, either 'asc' or 'desc'. Defaults to 'desc'.
callback   JSONP callback to receive a JSONP response.
format     Output format, either 'json', 'xml', or 'text'. Defaults to 'json'.
fields     Which fields should be output. One or more of the following separated by commas: 'id', 'timestamp', 'ip', 'inputname', 'text'.

Note: When passing in time differences such as 'NOW-1DAY+1MINUTE', be sure you encode the '+' as %2B.

Sample Query
curl -u [user]:[pass] 'http://[domain].loggly.com/api/search?q=404'
JSON Output
{
  "data": [
  {
    "timestamp": "2010-02-17 02:08:45.912-0700",
    "inputname": "solrclient",
    "ip": "127.0.0.1",
    "text": "btpool0-87 SolrCore.execute INFO: [repo_6] webapp=/solr path=/select/ params={sort=timestamp+desc&start=0&q=404&version=2.2&rows=100} hits=7182 status=0 QTime=0 \n"
  },
  {
    "timestamp": "2010-02-17 02:08:29.123-0700",
    "inputname": "solrclient",
    "ip": "127.0.0.1",
    "text": "btpool0-87 SolrCore.execute INFO: [repo_6] webapp=/solr path=/select/ params={sort=timestamp+desc&start=0&q=404&version=2.2&rows=100} hits=7182 status=0 QTime=3 \n"
  }
  ],
  "numFound": 2070,
  "context": {
    "rows": 10, 
    "from": "NOW-1DAY", 
    "until": "NOW", 
    "start": 0, 
    "query": "404", 
    "order": "desc"
  }
}
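
The search parameters above, put together as an added example (not Loggly's own client code): it builds the HTTPS form of the search URL, encodes '+' in time differences as %2B, sends BASIC Auth, and pages through results with 'start' and 'rows'. The function names, the subdomain check, and the reading of 'numFound' as the total match count are assumptions of this example.

```python
import base64
import json
import re
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumption of this example: an account subdomain is one lowercase DNS label.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def search_url(domain, q, params=None):
    """Build an HTTPS /api/search URL from the documented parameters."""
    # Reject anything but a single DNS label so the credentials can only
    # ever be sent to <domain>.loggly.com.
    if not _LABEL.fullmatch(domain):
        raise ValueError(f"invalid account subdomain: {domain!r}")
    query = {"q": q, **(params or {})}
    # urlencode() percent-encodes a literal '+' as %2B, which is the
    # encoding the note on time differences asks for.
    return f"https://{domain}.loggly.com/api/search?{urlencode(query)}"


def fetch_json(url, user, password):
    """GET one page with BASIC Auth. The header is only base64-encoded,
    which is why search_url() always uses the HTTPS form of the URL."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = Request(url, headers={"Authorization": f"Basic {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def search_all(domain, q, get_page, rows=100, params=None):
    """Yield every matching event by advancing 'start' one page at a time.
    Assumes 'numFound' is the total match count, as the sample suggests."""
    start = 0
    while True:
        page_params = {**(params or {}), "rows": rows, "start": start}
        page = get_page(search_url(domain, q, page_params))
        events = page.get("data", [])
        yield from events
        start += len(events)
        # Stop on an empty page too, so a changing numFound cannot loop forever.
        if not events or start >= page.get("numFound", 0):
            return
```

To run it against a real account, pass `lambda url: fetch_json(url, user, password)` as `get_page`.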

Facet URIs

/facets/date/
/facets/ip/
/facets/input/
HTTP GET

Provides faceted results from an account on either date, ip, or input fields. Facets return counts of events over a time range.

Required Parameters

Property   Description
q          String to search. See the Search Guide for reference on the Loggly query language.

Optional Parameters

Property   Description
from       Start time for the search. Defaults to NOW-1HOUR.
until      End time for the search. Defaults to NOW.
buckets    Number of buckets the results are split into for a given time range. Defaults to 50.
gap        Set the gap time between buckets. Defaults to +1HOUR.
facetby    Field to use for faceting the results. One of 'ip', 'inputname' or 'text'.
callback   JSONP callback to receive a JSONP response.
format     Output format, either 'json', 'xml', or 'text'. Defaults to 'json'.

Note: When passing in time differences such as 'NOW-1DAY+1MINUTE', be sure you encode the '+' as %2B.

Sample Query
curl -u [user]:[pass] 'http://[domain].loggly.com/api/facets/date/?q=404'
JSON Output
{
  "numFound": 1484, 
  "gap": "+30MINUTES", 
  "gmt_offset": "-0700", 
  "start": 0, 
  "context": {
    "rows": null, 
    "from": "NOW-1DAY/HOUR", 
    "until": "NOW+1HOUR/HOUR", 
    "start": 0, 
    "query": "404", 
    "order": "desc"
  }, 
  "data": {
    "2010-05-13 11:00:00.123-0700": 3060, 
    "2010-05-13 15:57:10.223-0700": 1457, 
    "2010-05-13 20:54:20.232-0700": 5772, 
    "2010-05-14 06:48:40.233-0700": 1347, 
    "2010-05-14 01:51:30.235-0700": 644, 
    "2010-05-14 11:45:50.345-0700": 0
  }
}