Api Keys endpoints
User endpoints
Export endpoints
Logs endpoints
Usage endpoints
Search endpoints
Search endpoints
Execute a query
You can execute queries on your log data by using Bronto’s syntax based on a subset of SQL as described in the documentation https://docs.brontobytes.io/core-features/log-search/query-syntax/.
Bronto supports both the GET and POST methods for executing a query, however the POST method is preferred as it avoids problems related to maximum URL length when the query parameters are very long.
In the context of the REST API, there are three distinct types queries which determine which parts of the response object are populated:
- Event search queries return a list of events matching the specified filter.
The response will be paginated if more than
limit(default 50) matching events are returned. - Aggregate queries apply aggregate functions such as count(), sum(), max(), avg() to your log data, and return a number or a timeseries of numbers.
- Group by aggregate queries return numerical results grouped according to the values for the attributes specified in the group by clause.
The query type is determined by the combination of the select and groups parameters.
POST
/
search
Copy
Ask AI
curl --request POST \
--url https://api.eu.bronto.io/search \
--header 'Content-Type: application/json' \
--header 'X-BRONTO-API-KEY: <api-key>' \
--data '{
"from": [
"[550e8400-e29b-41d4-a716-446655440000, 297bb888-83b1-44e0-8ab6-47879f1275a2]"
],
"from_tags": [
"environment:production"
],
"time_range": "Last 10 minutes",
"from_ts": 1709251200000,
"to_ts": 1711390455601,
"where": "ip='\''10.0.0.1'\''",
"select": [
"min(response_time_ms)",
"avg(response_time_ms)",
"max(response_time_ms)"
],
"groups": [
"[user, ip]"
],
"limit": 50,
"num_of_slices": 50,
"from_sequence": 111721913,
"most_recent_first": true,
"explain_only": true,
"async_enabled": false
}'Copy
Ask AI
{
"explain": {
"Execution time (millis)": "353"
},
"result": [
{
"@time": "2024-03-27 10:25:40.632 UTC",
"@sequence": "111721913",
"@raw": "10.0.0.1 - - [27/Mar/2024:10:54:39 +0000] \"GET / HTTP/1.1\" 200 721 \"-\" \"ELB-HealthChecker/2.0\"",
"@context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both",
"metadata": {
"logId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"timestamp": 1711535140632,
"sequence": 111721913,
"origin": "10.0.0.1",
"context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both",
"selectedKeys": {
"@time": "2024-03-27 10:25:40.632 UTC"
},
"unselectedKeys": {
"id": "message_0",
"current_time": 1711535140
}
},
"links": [
{
"rel": "context",
"href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both"
}
]
}
],
"events": [
{
"@raw": "10.0.108.203 - - [27/May/2024:23:47:27 +0000] \"GET / HTTP/1.1\" 200 675 \"-\" \"ELB-HealthChecker/2.0\"",
"@time": "2024-05-27 23:26:34.331 UTC",
"@status": "info",
"message_kvs": {
"method": "GET",
"statusCode": "200",
"path": "/"
},
"attributes": {
"$private_ip": "10.0.22.230",
"$environment": "production"
},
"metadata": {
"service_id": "23746675-7022-4985-bd74-4af9eba58d72",
"timestamp": 1716853347801,
"sequence": 111721913,
"context": "\"https://api.eu.bronto.io/context?sequence=213&from=37bdf479-7c95-4e81-982a-25d0680fb602×tamp=1716853354331&direction=both\"\n"
},
"links": [
{
"rel": "context",
"href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both"
}
]
}
],
"groups": [
{
"group": "[US]",
"count": 124,
"stat": "average(bytes)",
"value": 50325.25,
"timeseries": [
{
"@timestamp": "1711535140632",
"count": 40,
"value": 35.625,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
}
}
]
}
],
"groups_series": [
{
"name": "host123",
"count": 124,
"stat": "average(duration_millis)",
"value": 50325.25,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
},
"series_resolution_ms": 60000,
"timeseries": [
{
"@timestamp": "1711535140632",
"count": 40,
"value": 35.625,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
}
}
],
"groups_series": [
{
"name": "host123",
"count": 124,
"stat": "average(duration_millis)",
"value": 50325.25,
"series_resolution_ms": 60000,
"timeseries": [
{
"@timestamp": "1711535140632",
"count": 40,
"value": 35.625,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
}
}
]
}
]
}
],
"metadata": {
"select": [
"host",
"status",
"method"
],
"correlation_id": "00000000-0000-0000-0000-000000000000"
},
"totals": {},
"pagination": {
"next_page_url": "<string>"
},
"links": [
{
"rel": "next",
"href": "<string>"
}
]
}Authorizations
Body
application/json
Response
200
application/json
Search results
The response is of type object.
Copy
Ask AI
curl --request POST \
--url https://api.eu.bronto.io/search \
--header 'Content-Type: application/json' \
--header 'X-BRONTO-API-KEY: <api-key>' \
--data '{
"from": [
"[550e8400-e29b-41d4-a716-446655440000, 297bb888-83b1-44e0-8ab6-47879f1275a2]"
],
"from_tags": [
"environment:production"
],
"time_range": "Last 10 minutes",
"from_ts": 1709251200000,
"to_ts": 1711390455601,
"where": "ip='\''10.0.0.1'\''",
"select": [
"min(response_time_ms)",
"avg(response_time_ms)",
"max(response_time_ms)"
],
"groups": [
"[user, ip]"
],
"limit": 50,
"num_of_slices": 50,
"from_sequence": 111721913,
"most_recent_first": true,
"explain_only": true,
"async_enabled": false
}'Copy
Ask AI
{
"explain": {
"Execution time (millis)": "353"
},
"result": [
{
"@time": "2024-03-27 10:25:40.632 UTC",
"@sequence": "111721913",
"@raw": "10.0.0.1 - - [27/Mar/2024:10:54:39 +0000] \"GET / HTTP/1.1\" 200 721 \"-\" \"ELB-HealthChecker/2.0\"",
"@context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both",
"metadata": {
"logId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"timestamp": 1711535140632,
"sequence": 111721913,
"origin": "10.0.0.1",
"context": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both",
"selectedKeys": {
"@time": "2024-03-27 10:25:40.632 UTC"
},
"unselectedKeys": {
"id": "message_0",
"current_time": 1711535140
}
},
"links": [
{
"rel": "context",
"href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both"
}
]
}
],
"events": [
{
"@raw": "10.0.108.203 - - [27/May/2024:23:47:27 +0000] \"GET / HTTP/1.1\" 200 675 \"-\" \"ELB-HealthChecker/2.0\"",
"@time": "2024-05-27 23:26:34.331 UTC",
"@status": "info",
"message_kvs": {
"method": "GET",
"statusCode": "200",
"path": "/"
},
"attributes": {
"$private_ip": "10.0.22.230",
"$environment": "production"
},
"metadata": {
"service_id": "23746675-7022-4985-bd74-4af9eba58d72",
"timestamp": 1716853347801,
"sequence": 111721913,
"context": "\"https://api.eu.bronto.io/context?sequence=213&from=37bdf479-7c95-4e81-982a-25d0680fb602×tamp=1716853354331&direction=both\"\n"
},
"links": [
{
"rel": "context",
"href": "https://api.bronto.io/context?sequence=111721913&limit=1&from=23746675-7022-4985-bd74-4af9eba58d72×tamp=1711535140632&direction=both"
}
]
}
],
"groups": [
{
"group": "[US]",
"count": 124,
"stat": "average(bytes)",
"value": 50325.25,
"timeseries": [
{
"@timestamp": "1711535140632",
"count": 40,
"value": 35.625,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
}
}
]
}
],
"groups_series": [
{
"name": "host123",
"count": 124,
"stat": "average(duration_millis)",
"value": 50325.25,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
},
"series_resolution_ms": 60000,
"timeseries": [
{
"@timestamp": "1711535140632",
"count": 40,
"value": 35.625,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
}
}
],
"groups_series": [
{
"name": "host123",
"count": 124,
"stat": "average(duration_millis)",
"value": 50325.25,
"series_resolution_ms": 60000,
"timeseries": [
{
"@timestamp": "1711535140632",
"count": 40,
"value": 35.625,
"quantiles": {
"min": 691,
"p25": 713.75,
"p50": 796,
"p75": 847.5,
"p90": 1237,
"p95": 1331,
"p99": 1331,
"p999": 1331,
"max": 1331
}
}
]
}
]
}
],
"metadata": {
"select": [
"host",
"status",
"method"
],
"correlation_id": "00000000-0000-0000-0000-000000000000"
},
"totals": {},
"pagination": {
"next_page_url": "<string>"
},
"links": [
{
"rel": "next",
"href": "<string>"
}
]
}Assistant
Responses are generated using AI and may contain mistakes.