Execute a query

curl --request POST \
  --url https://api.eu.bronto.io/search \
  --header 'Content-Type: application/json' \
  --header 'X-BRONTO-API-KEY: <api-key>' \
  --data '{
  "from": [
    "[550e8400-e29b-41d4-a716-446655440000, 297bb888-83b1-44e0-8ab6-47879f1275a2]"
  ],
  "from_tags": [
    "environment:production"
  ],
  "time_range": "Last 10 minutes",
  "from_ts": 1709251200000,
  "to_ts": 1711390455601,
  "where": "ip='\''10.0.0.1'\''",
  "select": [
    "min(response_time_ms)",
    "avg(response_time_ms)",
    "max(response_time_ms)"
  ],
  "groups": [
    "[user, ip]"
  ],
  "limit": 50,
  "num_of_slices": 50,
  "from_sequence": 111721913,
  "most_recent_first": true,
  "explain_only": true,
  "async_enabled": false
}'

{
  "explain": {
    "Execution time (millis)": "353"
  },
  "result": [
    {
      "@time": "2024-03-27 10:25:40.632 UTC",
      "@sequence": "111721913",
      "@raw": "10.0.0.1 - - [27/Mar/2024:10:54:39 +0000] \"GET / HTTP/1.1\" 200 721 \"-\" \"ELB-HealthChecker/2.0\"",
      "@context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both",
      "metadata": {
        "logId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "timestamp": 1711535140632,
        "sequence": 111721913,
        "origin": "10.0.0.1",
        "context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both",
        "selectedKeys": {
          "@time": "2024-03-27 10:25:40.632 UTC"
        },
        "unselectedKeys": {
          "id": "message_0",
          "current_time": 1711535140
        }
      },
      "links": [
        {
          "rel": "context",
          "href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both"
        }
      ]
    }
  ],
  "events": [
    {
      "@raw": "10.0.108.203 - - [27/May/2024:23:47:27 +0000] \"GET / HTTP/1.1\" 200 675 \"-\" \"ELB-HealthChecker/2.0\"",
      "@time": "2024-05-27 23:26:34.331 UTC",
      "@status": "info",
      "message_kvs": {
        "method": "GET",
        "statusCode": "200",
        "path": "/"
      },
      "attributes": {
        "$private_ip": "10.0.22.230",
        "$environment": "production"
      },
      "metadata": {
        "service_id": "23746675-7022-4985-bd74-4af9eba58d72",
        "timestamp": 1716853347801,
        "sequence": 111721913,
        "context": "\"https://api.eu.bronto.io/context?sequence=213&from=37bdf479-7c95-4e81-982a-25d0680fb602&timestamp=1716853354331&direction=both\"\n"
      },
      "links": [
        {
          "rel": "context",
          "href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both"
        }
      ]
    }
  ],
  "groups": [
    {
      "group": "[US]",
      "count": 124,
      "stat": "average(bytes)",
      "value": 50325.25,
      "timeseries": [
        {
          "@timestamp": "1711535140632",
          "count": 40,
          "value": 35.625,
          "quantiles": {
            "min": 691,
            "p25": 713.75,
            "p50": 796,
            "p75": 847.5,
            "p90": 1237,
            "p95": 1331,
            "p99": 1331,
            "p999": 1331,
            "max": 1331
          }
        }
      ]
    }
  ],
  "groups_series": [
    {
      "name": "host123",
      "count": 124,
      "stat": "average(duration_millis)",
      "value": 50325.25,
      "quantiles": {
        "min": 691,
        "p25": 713.75,
        "p50": 796,
        "p75": 847.5,
        "p90": 1237,
        "p95": 1331,
        "p99": 1331,
        "p999": 1331,
        "max": 1331
      },
      "series_resolution_ms": 60000,
      "timeseries": [
        {
          "@timestamp": "1711535140632",
          "count": 40,
          "value": 35.625,
          "quantiles": {
            "min": 691,
            "p25": 713.75,
            "p50": 796,
            "p75": 847.5,
            "p90": 1237,
            "p95": 1331,
            "p99": 1331,
            "p999": 1331,
            "max": 1331
          }
        }
      ],
      "groups_series": [
        {
          "name": "host123",
          "count": 124,
          "stat": "average(duration_millis)",
          "value": 50325.25,
          "series_resolution_ms": 60000,
          "timeseries": [
            {
              "@timestamp": "1711535140632",
              "count": 40,
              "value": 35.625,
              "quantiles": {
                "min": 691,
                "p25": 713.75,
                "p50": 796,
                "p75": 847.5,
                "p90": 1237,
                "p95": 1331,
                "p99": 1331,
                "p999": 1331,
                "max": 1331
              }
            }
          ]
        }
      ]
    }
  ],
  "metadata": {
    "select": [
      "host",
      "status",
      "method"
    ],
    "correlation_id": "00000000-0000-0000-0000-000000000000"
  },
  "totals": {},
  "pagination": {
    "next_page_url": "<string>"
  },
  "links": [
    {
      "rel": "next",
      "href": "<string>"
    }
  ]
}

Search endpoints

Execute a query

You can execute queries on your log data by using Bronto’s syntax based on a subset of SQL as described in the documentation https://docs.brontobytes.io/core-features/log-search/query-syntax/.

Bronto supports both the GET and POST methods for executing a query, however the POST method is preferred as it avoids problems related to maximum URL length when the query parameters are very long.

In the context of the REST API, there are three distinct types queries which determine which parts of the response object are populated:

Event search queries return a list of events matching the specified filter. The response will be paginated if more than limit (default 50) matching events are returned.
Aggregate queries apply aggregate functions such as count(), sum(), max(), avg() to your log data, and return a number or a timeseries of numbers.
Group by aggregate queries return numerical results grouped according to the values for the attributes specified in the group by clause.

The query type is determined by the combination of the select and groups parameters.

POST

Execute a query

curl --request POST \
  --url https://api.eu.bronto.io/search \
  --header 'Content-Type: application/json' \
  --header 'X-BRONTO-API-KEY: <api-key>' \
  --data '{
  "from": [
    "[550e8400-e29b-41d4-a716-446655440000, 297bb888-83b1-44e0-8ab6-47879f1275a2]"
  ],
  "from_tags": [
    "environment:production"
  ],
  "time_range": "Last 10 minutes",
  "from_ts": 1709251200000,
  "to_ts": 1711390455601,
  "where": "ip='\''10.0.0.1'\''",
  "select": [
    "min(response_time_ms)",
    "avg(response_time_ms)",
    "max(response_time_ms)"
  ],
  "groups": [
    "[user, ip]"
  ],
  "limit": 50,
  "num_of_slices": 50,
  "from_sequence": 111721913,
  "most_recent_first": true,
  "explain_only": true,
  "async_enabled": false
}'

{
  "explain": {
    "Execution time (millis)": "353"
  },
  "result": [
    {
      "@time": "2024-03-27 10:25:40.632 UTC",
      "@sequence": "111721913",
      "@raw": "10.0.0.1 - - [27/Mar/2024:10:54:39 +0000] \"GET / HTTP/1.1\" 200 721 \"-\" \"ELB-HealthChecker/2.0\"",
      "@context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both",
      "metadata": {
        "logId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "timestamp": 1711535140632,
        "sequence": 111721913,
        "origin": "10.0.0.1",
        "context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both",
        "selectedKeys": {
          "@time": "2024-03-27 10:25:40.632 UTC"
        },
        "unselectedKeys": {
          "id": "message_0",
          "current_time": 1711535140
        }
      },
      "links": [
        {
          "rel": "context",
          "href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both"
        }
      ]
    }
  ],
  "events": [
    {
      "@raw": "10.0.108.203 - - [27/May/2024:23:47:27 +0000] \"GET / HTTP/1.1\" 200 675 \"-\" \"ELB-HealthChecker/2.0\"",
      "@time": "2024-05-27 23:26:34.331 UTC",
      "@status": "info",
      "message_kvs": {
        "method": "GET",
        "statusCode": "200",
        "path": "/"
      },
      "attributes": {
        "$private_ip": "10.0.22.230",
        "$environment": "production"
      },
      "metadata": {
        "service_id": "23746675-7022-4985-bd74-4af9eba58d72",
        "timestamp": 1716853347801,
        "sequence": 111721913,
        "context": "\"https://api.eu.bronto.io/context?sequence=213&from=37bdf479-7c95-4e81-982a-25d0680fb602&timestamp=1716853354331&direction=both\"\n"
      },
      "links": [
        {
          "rel": "context",
          "href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72&timestamp=1711535140632&direction=both"
        }
      ]
    }
  ],
  "groups": [
    {
      "group": "[US]",
      "count": 124,
      "stat": "average(bytes)",
      "value": 50325.25,
      "timeseries": [
        {
          "@timestamp": "1711535140632",
          "count": 40,
          "value": 35.625,
          "quantiles": {
            "min": 691,
            "p25": 713.75,
            "p50": 796,
            "p75": 847.5,
            "p90": 1237,
            "p95": 1331,
            "p99": 1331,
            "p999": 1331,
            "max": 1331
          }
        }
      ]
    }
  ],
  "groups_series": [
    {
      "name": "host123",
      "count": 124,
      "stat": "average(duration_millis)",
      "value": 50325.25,
      "quantiles": {
        "min": 691,
        "p25": 713.75,
        "p50": 796,
        "p75": 847.5,
        "p90": 1237,
        "p95": 1331,
        "p99": 1331,
        "p999": 1331,
        "max": 1331
      },
      "series_resolution_ms": 60000,
      "timeseries": [
        {
          "@timestamp": "1711535140632",
          "count": 40,
          "value": 35.625,
          "quantiles": {
            "min": 691,
            "p25": 713.75,
            "p50": 796,
            "p75": 847.5,
            "p90": 1237,
            "p95": 1331,
            "p99": 1331,
            "p999": 1331,
            "max": 1331
          }
        }
      ],
      "groups_series": [
        {
          "name": "host123",
          "count": 124,
          "stat": "average(duration_millis)",
          "value": 50325.25,
          "series_resolution_ms": 60000,
          "timeseries": [
            {
              "@timestamp": "1711535140632",
              "count": 40,
              "value": 35.625,
              "quantiles": {
                "min": 691,
                "p25": 713.75,
                "p50": 796,
                "p75": 847.5,
                "p90": 1237,
                "p95": 1331,
                "p99": 1331,
                "p999": 1331,
                "max": 1331
              }
            }
          ]
        }
      ]
    }
  ],
  "metadata": {
    "select": [
      "host",
      "status",
      "method"
    ],
    "correlation_id": "00000000-0000-0000-0000-000000000000"
  },
  "totals": {},
  "pagination": {
    "next_page_url": "<string>"
  },
  "links": [
    {
      "rel": "next",
      "href": "<string>"
    }
  ]
}

Authorizations

X-BRONTO-API-KEY

string

header

required

Body

application/json

Response

200

application/json

Search results

The response is of type object.

Execute a query Poll a Query In Progress

Api Keys endpoints

User endpoints

Context endpoints

Export endpoints

Logs endpoints

Usage endpoints

Search endpoints

Forward endpoints

Execute a query

Authorizations

Body

Response