Authorizations
Body
The select parameter enables the selection of one or many rows or columns from your datasets.
It can be used to select keys by name, e.g. "select": ["ip_address", "status_code"], in which
case the response will contain a list of log events with two columns containing ip addresses and
status codes. Or it can be used with an aggregate function (count, max, min, avg, sum), e.g.,
"select": ["avg(response_time_ms)", "max(response_time_ms)"], in which case the response will
contain columns for the average response time, and max response time. Each row corresponds to a
time slice, for example if you set "num_of_slices": 10 and "time_range": "Last 10 hours", then each row
will contain the function result for each hour of data.
The @raw internal attribute is always available for selection, and its values are the entire unparsed log events.
[
"min(response_time_ms)",
"avg(response_time_ms)",
"max(response_time_ms)"
]The ids of the logs to search.
One of either the from or the from_tags parameters must be specified.
The tags to search. Each tag should be in the form <key>:<value>, e.g., environment:production.
One of either the from or the from_tags parameters must be specified.
If both are specified then from_tags takes precedence, and the from value is ignored.
If the key or the value contain a : or = character, then these can be escaped by wrapping the entire key or value in double-quotes ".
The relative time range for which to query data. Time range supported is from
milliseconds to years. For an exact range, use from_ts and to_ts instead.
"Last 10 minutes"
The starting time (unix time in milliseconds) for which to query data.
Must be used together with to_ts.
This parameter is incompatible with time_range.
1709251200000
The ending time (unix time in milliseconds) for which to query data.
Must be used together with from_ts.
This parameter is incompatible with time_range.
1711390455601
The where parameter is used to filter the results of your query. See https://docs.bronto.io/core-features/log-search/query-syntax for more details The filter can combine multiple terms using AND, OR, NOT.
"ip='10.0.0.1'"
The groups parameter specifies a key to use to arrange the results returned by an aggregate function, (such as count, max, min, avg, sum) into groups of values. The aggregate function returns a single value for each group.
The maximum number of events that an event search should return. In a query with a group by, it limits the number of groups returned. It does not affect a query using aggregate functions.
1 <= x <= 666650
The number of buckets to break the time series results into.
50
Specifies the starting sequence number for the time range when used together with the from_ts parameter.
Each log event has a sequence number which is unique within a millisecond,
and can be used to query data with sub-millisecond time range precision.
The sequence numbers are ordered such that earlier log events have lower sequence numbers.
111721913
Flag to indicate the order in which results should be returned.
true
If set to true then only the explain element of the response will be populated.
The explain element will contain the Approximate bytes in time range attribute which
provides an estimate for the amount of data present in the time range for the selected
datasets.
true
If set to true the server will respond in an asynchronous way: it will return immediately with
a polling link (in the links element of the response body), which the client should check periodically
to monitor the progress of the query and to receive partial results.
This is useful for long running queries, and allows an API client to handle multiple requests concurrently without blocking.
The behaviour of the async API is described here.
If set to false the server will wait until the query has completed before returning a single 200 response
with the completed results in the response body.