API: Event Retrieval

[obsolete]

The search methods can return raw events, metadata we know about the events, and summary data (facets) on the events. By default, search contexts are constrained to the last 24 hours (relative time) and cover all inputs and devices.

Search URI

/search/

HTTP GET

Provides search results from an account. If the account includes structured data on a JSON-enabled input, searching by a json.[field] is possible.

Required Parameters

Property  Description
q         String to search. See the Search Guide for reference on the Loggly query language.

Optional Parameters

Property  Description
rows      Number of rows returned by search. Defaults to 10.
start     Offset for starting row. Defaults to 0.
from      Start time for the search. Defaults to NOW-24HOURS.
until     End time for the search. Defaults to NOW.
order     Direction of results returned, either 'asc' or 'desc'. Defaults to 'desc'.
callback  JSONP callback to receive a JSONP response.
format    Output format, either 'json', 'xml', or 'text'. Defaults to 'json'.
fields    Which fields should be output. One or more of the following separated by commas: 'id', 'timestamp', 'ip', 'inputname', 'text'.

Note: When passing in time differences such as 'NOW-1DAY+1MINUTE', be sure you encode the '+' as %2B.

Sample Query
curl -u [user]:[pass] 'https://[account].loggly.com/api/search?q=404'
curl -u [user]:[pass] 'https://[account].loggly.com/api/search?q=json.status:404'

JSON Output

 

Facet URIs

/facets/date/
/facets/ip/
/facets/input/
/facets/json.[field]/

HTTP GET

Provides faceted results from an account on either date, ip, or input fields. If the account includes structured data on a JSON-enabled input, faceting by a json.[field] is possible. Facets return counts of events over a time range. (Use https://<account>.loggly.com/api/facets/json.[field]/?q=<search-term(s)>)

Required Parameters

Property  Description
q         String to search. See the Search Guide for reference on the Loggly query language.

Optional Parameters

Property  Description
from      Start time for the search. Defaults to NOW-1HOUR.
until     End time for the search. Defaults to NOW.
buckets   Number of buckets the results are split into for a given time range. Defaults to 50.
gap       Set the gap time between buckets. Defaults to +1HOUR.
facetby   Field to use for faceting the results. One of 'ip', 'inputname' or 'text'.
callback  JSONP callback to receive a JSONP response.
format    Output format, either 'json', 'xml', or 'text'. Defaults to 'json'.

Note: When passing in time differences such as 'NOW-1DAY+1MINUTE', be sure you encode the '+' as %2B.

Sample Query
curl -u [user]:[pass] -H "content-type:text/plain" 'https://[account].loggly.com/api/facets/date/?q=404'
curl -u [user]:[pass] -H "content-type:text/plain" 'https://[account].loggly.com/api/facets/json.status/?q=inputname:myinput'
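
The notes in both the search and facet sections about encoding '+' as %2B are easy to miss when a URL is assembled by string concatenation. The Python helper below is an added example, not Loggly code: it builds search and facet URLs from the parameter tables on this page, rejects unknown parameters and values, and percent-encodes every value. The account name "acme" and the NAME character allow-list are assumptions.

```python
import re
from urllib.parse import quote, urlencode

# Parameter names and enumerated values are copied from the tables on this page.
SEARCH_PARAMS = {"rows", "start", "from", "until", "order", "callback", "format", "fields"}
FACET_PARAMS = {"from", "until", "buckets", "gap", "facetby", "callback", "format"}
ENUMS = {
    "order": {"asc", "desc"},
    "format": {"json", "xml", "text"},
    "facetby": {"ip", "inputname", "text"},
}
FIELDS = {"id", "timestamp", "ip", "inputname", "text"}
# Assumption: account and facet names only need this conservative alphabet.
NAME = re.compile(r"[A-Za-z0-9_.-]+")


def build_url(account, endpoint, q, params=None):
    """Build an HTTPS URL for 'search' or 'facets/<name>' with all values encoded."""
    params = dict(params or {})
    if not NAME.fullmatch(account):
        raise ValueError("unexpected characters in account name")
    if endpoint == "search":
        allowed, path = SEARCH_PARAMS, "search"
    elif endpoint.startswith("facets/") and NAME.fullmatch(endpoint[len("facets/"):]):
        allowed, path = FACET_PARAMS, endpoint + "/"
    else:
        raise ValueError("unknown endpoint: %r" % (endpoint,))
    for key, value in params.items():
        if key not in allowed:
            raise ValueError("unsupported parameter for %s: %s" % (endpoint, key))
        if key in ENUMS and value not in ENUMS[key]:
            raise ValueError("bad value for %s: %r" % (key, value))
        if key in ("rows", "start", "buckets") and not (isinstance(value, int) and value >= 0):
            raise ValueError("%s must be a non-negative integer" % key)
        if key == "fields" and not set(value.split(",")) <= FIELDS:
            raise ValueError("unknown field in %r" % (value,))
    # quote() with safe="" escapes '+', '&', '=' and '#', so a relative time such
    # as NOW-1DAY+1MINUTE survives and an untrusted search string cannot add
    # parameters of its own.
    query = urlencode({"q": q, **params}, quote_via=quote, safe="")
    return "https://%s.loggly.com/api/%s?%s" % (account, path, query)


if __name__ == "__main__":
    # "acme" is a constructed account name used only for illustration.
    print(build_url("acme", "search", "json.status:404", {"from": "NOW-1DAY+1MINUTE"}))
```

Pass the returned URL to the HTTP client and supply the credentials separately, as the curl samples do with -u, so they never appear in the URL or in logs of it.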

JSON Output

Response Codes

These are fairly standard HTTPS/RESTful response codes. From time to time we'll use them in our replies to your queries.

Status  Message                Description
200     OK                     Indicates that the request was successful.
201     Created                The object was successfully created. This is for a POST call.
204     Deleted                The object was deleted. This pertains to DELETE calls.
400     Bad Request            Check your request parameters. You might be using an unsupported parameter or have a malformed something or another.
401     Unauthorized           The credentials you specified were invalid.
403     Forbidden              User does not have privileges to execute the action.
404     Not Found              The resource you have referenced could not be found.
409     Conflict/Duplicate     There was some conflict. Most likely you are trying to create a resource that already exists.
410     Gone                   You have referenced an object that does not exist.
500     Internal Server Error  There has been an error from which Loggly could not recover. We are likely notified when this happens.
501     Not Implemented        You are trying to access functionality that is not implemented. Yet.
503     Throttled              Like a needy child, you are overloading us with requests for events. Try again later.