
Search

The Search APIs help you to search through the log data collected from your agents. The search query can be formed with the help of Meta Data APIs.

The Simple Search API can be used to perform searches over a smaller data range. The user can create a search request with the set of relevant metadata. The server executes the request and responds with results directly. Simple Search can be used to search over the first 500000 logs.
OAuth Scope : logs360cloud.logs.READ

Arguments

query
string
(Required)
Query for Search, can be formed with the help of MetaData APIs.
start_time
number
Start of the search time range, as a Unix timestamp in milliseconds: the number of milliseconds elapsed since the Unix epoch (1 January 1970 00:00:00 UTC).
end_time
number
End of the search time range, as a Unix timestamp in milliseconds: the number of milliseconds elapsed since the Unix epoch (1 January 1970 00:00:00 UTC).
hosts
array
A list of hosts to search can be formed with the help of MetaData APIs. The user can pass a maximum of 100 host IDs in the list.
logtype
array
A list of LogTypes to search can be formed with the help of MetaData APIs. The user can pass a maximum of 100 log types in the list.
groups
array
A list of device groups to search can be formed with the help of MetaData APIs. The user can pass a maximum of 100 group IDs in the list.
start_from
integer
Start Range of the response, default value is 1.
limit
integer
Count of logs in search response, default value is 10. The user can specify the value to the maximum of 1000.

Request Example

// Simple Search request issued with Deluge's invokeUrl task.
// Placeholder request body; the fields the endpoint accepts are listed under "Body Parameters".
parameters_data='{"field1":"value1","field2":"value2"}';
// Request headers: the account_id header and the OAuth access token.
headers_data = Map();
headers_data.put("account_id", "18743594");
// The token value is a masked sample. NOTE(review): keep real tokens out of script source.
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
// POST the JSON body to the Simple Search endpoint.
// NOTE(review): <connection_name> is a placeholder; presumably the named connection also carries
// credentials, so confirm whether the explicit Authorization header is needed alongside it.
response = invokeUrl
[
	url: "https://log360cloud.manageengine.com/api/v1/search"
	type: POST
	headers: headers_data
	content-type: application/json
	parameters: parameters_data
	connection: <connection_name>
]
// Write the response to the script's info log.
info response;
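// Simple Search request with OkHttp: POST a JSON body and print the response.

// Read the OAuth access token from the environment instead of embedding it in source.
// LOG360_ACCESS_TOKEN is a variable name constructed for this example.
String accessToken = System.getenv("LOG360_ACCESS_TOKEN");
if (accessToken == null || accessToken.isEmpty()) {
    throw new IllegalStateException("LOG360_ACCESS_TOKEN is not set");
}

OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
// Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");

Request request = new Request.Builder()
        .url("https://log360cloud.manageengine.com/api/v1/search")
        .post(body)
        .addHeader("account_id", "18743594")
        .addHeader("Authorization", "Zoho-oauthtoken " + accessToken)
        .addHeader("content-type", "application/json")
        .build();

// The response keeps its connection until it is closed; try-with-resources closes it
// even when reading the body throws.
try (Response response = client.newCall(request).execute()) {
    if (!response.isSuccessful()) {
        // A non-2xx status must not be handled as if it carried search results.
        throw new IllegalStateException("Search request failed with HTTP " + response.code());
    }
    System.out.println(response.body().string());
}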
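// Simple Search request using fetch.
// The Authorization value is the page's masked sample token; supply the real one at runtime and
// never commit it. NOTE(review): if this runs in a browser, the token is readable by anyone who
// can inspect the page's scripts; presumably the call belongs in server-side code, so confirm.
const options = {
  method: 'POST',
  headers: {
    account_id: '18743594',
    Authorization:
      'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
    'content-type': 'application/json',
  },
  // Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
  body: '{"field1":"value1","field2":"value2"}',
};

fetch('https://log360cloud.manageengine.com/api/v1/search', options)
  .then((response) => {
    // fetch also resolves for HTTP error statuses, so reject them explicitly instead of
    // parsing an error payload as search results.
    if (!response.ok) {
      throw new Error(`Search request failed with HTTP ${response.status}`);
    }
    return response.json();
  })
  .then((result) => console.log(result))
  .catch((err) => console.error(err));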
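import http.client
import json
import os

# Simple Search request with the standard-library HTTPS client.

# Read the OAuth access token from the environment instead of embedding it in the script.
# LOG360_ACCESS_TOKEN is a variable name constructed for this example; a missing
# variable raises KeyError before any request is sent.
access_token = os.environ["LOG360_ACCESS_TOKEN"]

# Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
payload = json.dumps({"field1": "value1", "field2": "value2"})

headers = {
    "account_id": "18743594",
    "Authorization": f"Zoho-oauthtoken {access_token}",
    "content-type": "application/json",
}

# HTTPSConnection verifies the server certificate by default; the timeout keeps a
# stalled connection from blocking the script indefinitely.
conn = http.client.HTTPSConnection("log360cloud.manageengine.com", timeout=30)
try:
    conn.request("POST", "/api/v1/search", payload, headers)
    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket whether or not the request succeeded.
    conn.close()

# A non-2xx status must not be handled as if it carried search results.
if not 200 <= res.status < 300:
    raise SystemExit(f"Search request failed with HTTP {res.status}")

print(data.decode("utf-8"))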
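// Simple Search request using Node's built-in https module.
const https = require("https");

// Read the OAuth access token from the environment instead of embedding it in source.
// LOG360_ACCESS_TOKEN is a variable name constructed for this example.
const accessToken = process.env.LOG360_ACCESS_TOKEN;
if (!accessToken) {
  throw new Error("LOG360_ACCESS_TOKEN is not set");
}

const options = {
  method: "POST",
  hostname: "log360cloud.manageengine.com",
  port: null,
  path: "/api/v1/search",
  headers: {
    account_id: "18743594",
    Authorization: `Zoho-oauthtoken ${accessToken}`,
    "content-type": "application/json",
  },
};

const req = https.request(options, (res) => {
  const chunks = [];
  res.on("data", (chunk) => chunks.push(chunk));
  res.on("end", () => {
    const body = Buffer.concat(chunks).toString();
    // A non-2xx status must not be handled as if it carried search results.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error(`Search request failed with HTTP ${res.statusCode}: ${body}`);
      return;
    }
    console.log(body);
  });
});

// Without an 'error' listener, a DNS, TLS or socket failure is an unhandled event
// and terminates the process.
req.on("error", (err) => console.error(err));

// Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
req.write(JSON.stringify({ field1: "value1", field2: "value2" }));
req.end();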
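# Simple Search request.
# LOG360_ACCESS_TOKEN is a variable name constructed for this example. Export it from a secret
# store rather than typing the token into the command, which would leave it in shell history.
# The ${VAR:?} form aborts before curl runs when the variable is unset or empty.
# The expanded header is still visible in the local process list while curl runs.
# The --data payload is a placeholder; the accepted fields are listed under "Body Parameters".
curl --request POST \
  --url https://log360cloud.manageengine.com/api/v1/search \
  --header "Authorization: Zoho-oauthtoken ${LOG360_ACCESS_TOKEN:?set LOG360_ACCESS_TOKEN first}" \
  --header 'account_id: 18743594' \
  --header 'content-type: application/json' \
  --data '{"field1":"value1","field2":"value2"}'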

Body Parameters

{ "query": " ( ( severity = \"success\" AND type = \"Security\" ) )", "start_time": 1699381800000, "end_time": 1699468199000, "hosts": [ 30000000251315, 6000000286357 ], "logtype": [ "Windows", "Unix" ], "groups": [ 3000000012292, 6000000013071 ], "start_from": 1, "limit": 1000 }

Response Example

{ "COUNT": 278973, "ROWS": [ { "AccountId": "153935663359", "Event Version": "1.09", "Source": "ela-automation", "IP Address": "136.143.177.61", "Event Source": "cloudtrail.amazonaws.com", "LogType": "aws cloudtrail", "Severity": "information", "Time": "2024-01-04 19:04:37", "Event Type": "awsapicall", "Error Message": "-", "User Agent": "aws-sdk-java/1.11.762 linux/3.10.0-957.21.3.el7.x86_64 openjdk_64-bit_server_vm/11.0.21+9-lts java/11.0.21 groovy/4.0.12 vendor/azul_systems,_inc.", "Event Category": "management" } ] }

The Bulk Search API can be used to perform searches over a larger data range. The user can create a search request with the set of relevant metadata. The server executes the request, paginates the data to 5000 records per page, and returns the request ID and the total page count. The user can use the request ID to fetch the records of a specified page.
OAuth Scope : logs360cloud.logs.READ

Arguments

query
string
(Required)
Query for Search, can be formed with the help of MetaData APIs.
start_time
number
Start of the search time range, as a Unix timestamp in milliseconds: the number of milliseconds elapsed since the Unix epoch (1 January 1970 00:00:00 UTC).
end_time
number
End of the search time range, as a Unix timestamp in milliseconds: the number of milliseconds elapsed since the Unix epoch (1 January 1970 00:00:00 UTC).
hosts
array
A list of hosts to search can be formed with the help of MetaData APIs. The user can pass a maximum of 100 host IDs in the list.
logtype
array
A list of LogTypes to search can be formed with the help of MetaData APIs. The user can pass a maximum of 100 log types in the list.
groups
array
A list of device groups to search can be formed with the help of MetaData APIs. The user can pass a maximum of 100 group IDs in the list.

Request Example

// Bulk Search submission issued with Deluge's invokeUrl task.
// Placeholder request body; the fields the endpoint accepts are listed under "Body Parameters".
parameters_data='{"field1":"value1","field2":"value2"}';
// Request headers: the account_id header and the OAuth access token.
headers_data = Map();
headers_data.put("account_id", "18743594");
// The token value is a masked sample. NOTE(review): keep real tokens out of script source.
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
// POST the JSON body to the Bulk Search endpoint.
// NOTE(review): <connection_name> is a placeholder; presumably the named connection also carries
// credentials, so confirm whether the explicit Authorization header is needed alongside it.
response = invokeUrl
[
	url: "https://log360cloud.manageengine.com/api/v1/search/bulk"
	type: POST
	headers: headers_data
	content-type: application/json
	parameters: parameters_data
	connection: <connection_name>
]
// Write the response to the script's info log.
info response;
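// Bulk Search submission with OkHttp: POST a JSON body and print the response.

// Read the OAuth access token from the environment instead of embedding it in source.
// LOG360_ACCESS_TOKEN is a variable name constructed for this example.
String accessToken = System.getenv("LOG360_ACCESS_TOKEN");
if (accessToken == null || accessToken.isEmpty()) {
    throw new IllegalStateException("LOG360_ACCESS_TOKEN is not set");
}

OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
// Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");

Request request = new Request.Builder()
        .url("https://log360cloud.manageengine.com/api/v1/search/bulk")
        .post(body)
        .addHeader("account_id", "18743594")
        .addHeader("Authorization", "Zoho-oauthtoken " + accessToken)
        .addHeader("content-type", "application/json")
        .build();

// The response keeps its connection until it is closed; try-with-resources closes it
// even when reading the body throws.
try (Response response = client.newCall(request).execute()) {
    if (!response.isSuccessful()) {
        // A non-2xx status means no usable request ID came back.
        throw new IllegalStateException("Bulk search request failed with HTTP " + response.code());
    }
    System.out.println(response.body().string());
}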
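// Bulk Search submission using fetch.
// The Authorization value is the page's masked sample token; supply the real one at runtime and
// never commit it. NOTE(review): if this runs in a browser, the token is readable by anyone who
// can inspect the page's scripts; presumably the call belongs in server-side code, so confirm.
const options = {
  method: 'POST',
  headers: {
    account_id: '18743594',
    Authorization:
      'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
    'content-type': 'application/json',
  },
  // Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
  body: '{"field1":"value1","field2":"value2"}',
};

fetch('https://log360cloud.manageengine.com/api/v1/search/bulk', options)
  .then((response) => {
    // fetch also resolves for HTTP error statuses, so reject them explicitly instead of
    // reading an error payload as a submitted request.
    if (!response.ok) {
      throw new Error(`Bulk search request failed with HTTP ${response.status}`);
    }
    return response.json();
  })
  .then((result) => console.log(result))
  .catch((err) => console.error(err));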
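import http.client
import json
import os

# Bulk Search submission with the standard-library HTTPS client.

# Read the OAuth access token from the environment instead of embedding it in the script.
# LOG360_ACCESS_TOKEN is a variable name constructed for this example; a missing
# variable raises KeyError before any request is sent.
access_token = os.environ["LOG360_ACCESS_TOKEN"]

# Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
payload = json.dumps({"field1": "value1", "field2": "value2"})

headers = {
    "account_id": "18743594",
    "Authorization": f"Zoho-oauthtoken {access_token}",
    "content-type": "application/json",
}

# HTTPSConnection verifies the server certificate by default; the timeout keeps a
# stalled connection from blocking the script indefinitely.
conn = http.client.HTTPSConnection("log360cloud.manageengine.com", timeout=30)
try:
    conn.request("POST", "/api/v1/search/bulk", payload, headers)
    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket whether or not the request succeeded.
    conn.close()

# A non-2xx status means no usable request ID came back.
if not 200 <= res.status < 300:
    raise SystemExit(f"Bulk search request failed with HTTP {res.status}")

print(data.decode("utf-8"))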
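// Bulk Search submission using Node's built-in https module.
const https = require("https");

// Read the OAuth access token from the environment instead of embedding it in source.
// LOG360_ACCESS_TOKEN is a variable name constructed for this example.
const accessToken = process.env.LOG360_ACCESS_TOKEN;
if (!accessToken) {
  throw new Error("LOG360_ACCESS_TOKEN is not set");
}

const options = {
  method: "POST",
  hostname: "log360cloud.manageengine.com",
  port: null,
  path: "/api/v1/search/bulk",
  headers: {
    account_id: "18743594",
    Authorization: `Zoho-oauthtoken ${accessToken}`,
    "content-type": "application/json",
  },
};

const req = https.request(options, (res) => {
  const chunks = [];
  res.on("data", (chunk) => chunks.push(chunk));
  res.on("end", () => {
    const body = Buffer.concat(chunks).toString();
    // A non-2xx status means no usable request ID came back.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error(`Bulk search request failed with HTTP ${res.statusCode}: ${body}`);
      return;
    }
    console.log(body);
  });
});

// Without an 'error' listener, a DNS, TLS or socket failure is an unhandled event
// and terminates the process.
req.on("error", (err) => console.error(err));

// Placeholder payload; the fields the endpoint accepts are listed under "Body Parameters".
req.write(JSON.stringify({ field1: "value1", field2: "value2" }));
req.end();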
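# Bulk Search submission.
# LOG360_ACCESS_TOKEN is a variable name constructed for this example. Export it from a secret
# store rather than typing the token into the command, which would leave it in shell history.
# The ${VAR:?} form aborts before curl runs when the variable is unset or empty.
# The expanded header is still visible in the local process list while curl runs.
# The --data payload is a placeholder; the accepted fields are listed under "Body Parameters".
curl --request POST \
  --url https://log360cloud.manageengine.com/api/v1/search/bulk \
  --header "Authorization: Zoho-oauthtoken ${LOG360_ACCESS_TOKEN:?set LOG360_ACCESS_TOKEN first}" \
  --header 'account_id: 18743594' \
  --header 'content-type: application/json' \
  --data '{"field1":"value1","field2":"value2"}'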

Body Parameters

{ "query": " ( ( severity = \"success\" AND type = \"Security\" ) )", "start_time": 1699381800000, "end_time": 1699468199000, "hosts": [ 30000000251315, 6000000286357 ], "logtype": [ "Windows", "Unix" ], "groups": [ 3000000012292, 6000000013071 ] }

Response Example

{ "request_id": 1799008983883, "message": "Request Submitted", "total_pages": 40 }

Bulk Search Result

Fetches the search results for a specific page of a Bulk Search request.
OAuth Scope : logs360cloud.logs.READ

Query Parameters

request_id
(Required)
Request ID to Fetch Search Results
page_no
(Required)
Page number of the results to fetch.

Request Example

// Bulk Search result fetch issued with Deluge's invokeUrl task.
// Request headers: the account_id header and the OAuth access token.
headers_data = Map();
headers_data.put("account_id", "18743594");
// The token value is a masked sample. NOTE(review): keep real tokens out of script source.
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
// GET one page of results; request_id and page_no travel in the query string.
// NOTE(review): <connection_name> is a placeholder; presumably the named connection also carries
// credentials, so confirm whether the explicit Authorization header is needed alongside it.
response = invokeUrl
[
	url: "https://log360cloud.manageengine.com/api/v1/search/bulk?request_id=1799008983883&page_no=1"
	type: GET
	headers: headers_data
	connection: <connection_name>
]
// Write the response to the script's info log.
info response;
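// Bulk Search result fetch with OkHttp: GET one page of results and print it.

// Read the OAuth access token from the environment instead of embedding it in source.
// LOG360_ACCESS_TOKEN is a variable name constructed for this example.
String accessToken = System.getenv("LOG360_ACCESS_TOKEN");
if (accessToken == null || accessToken.isEmpty()) {
    throw new IllegalStateException("LOG360_ACCESS_TOKEN is not set");
}

OkHttpClient client = new OkHttpClient();

// request_id and page_no are passed as query parameters.
Request request = new Request.Builder()
        .url("https://log360cloud.manageengine.com/api/v1/search/bulk?request_id=1799008983883&page_no=1")
        .get()
        .addHeader("account_id", "18743594")
        .addHeader("Authorization", "Zoho-oauthtoken " + accessToken)
        .build();

// The response keeps its connection until it is closed; try-with-resources closes it
// even when reading the body throws.
try (Response response = client.newCall(request).execute()) {
    if (!response.isSuccessful()) {
        // A non-2xx status must not be handled as if it carried a page of results.
        throw new IllegalStateException("Bulk search page fetch failed with HTTP " + response.code());
    }
    System.out.println(response.body().string());
}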
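// Bulk Search result fetch using fetch.
// The Authorization value is the page's masked sample token; supply the real one at runtime and
// never commit it. NOTE(review): if this runs in a browser, the token is readable by anyone who
// can inspect the page's scripts; presumably the call belongs in server-side code, so confirm.
const options = {
  method: 'GET',
  headers: {
    account_id: '18743594',
    Authorization:
      'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
  },
};

// Build the query string with URL/searchParams so the values are always encoded.
const url = new URL('https://log360cloud.manageengine.com/api/v1/search/bulk');
url.searchParams.set('request_id', '1799008983883');
url.searchParams.set('page_no', '1');

fetch(url, options)
  .then((response) => {
    // fetch also resolves for HTTP error statuses, so reject them explicitly instead of
    // parsing an error payload as a page of results.
    if (!response.ok) {
      throw new Error(`Bulk search page fetch failed with HTTP ${response.status}`);
    }
    return response.json();
  })
  .then((result) => console.log(result))
  .catch((err) => console.error(err));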
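import http.client
import os
from urllib.parse import urlencode

# Bulk Search result fetch with the standard-library HTTPS client.

# Read the OAuth access token from the environment instead of embedding it in the script.
# LOG360_ACCESS_TOKEN is a variable name constructed for this example; a missing
# variable raises KeyError before any request is sent.
access_token = os.environ["LOG360_ACCESS_TOKEN"]

headers = {
    "account_id": "18743594",
    "Authorization": f"Zoho-oauthtoken {access_token}",
}

# urlencode keeps the query-string values correctly escaped.
query = urlencode({"request_id": 1799008983883, "page_no": 1})

# HTTPSConnection verifies the server certificate by default; the timeout keeps a
# stalled connection from blocking the script indefinitely.
conn = http.client.HTTPSConnection("log360cloud.manageengine.com", timeout=30)
try:
    conn.request("GET", f"/api/v1/search/bulk?{query}", headers=headers)
    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket whether or not the request succeeded.
    conn.close()

# A non-2xx status must not be handled as if it carried a page of results.
if not 200 <= res.status < 300:
    raise SystemExit(f"Bulk search page fetch failed with HTTP {res.status}")

print(data.decode("utf-8"))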
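// Bulk Search result fetch using Node's built-in https module.
const https = require("https");

// Read the OAuth access token from the environment instead of embedding it in source.
// LOG360_ACCESS_TOKEN is a variable name constructed for this example.
const accessToken = process.env.LOG360_ACCESS_TOKEN;
if (!accessToken) {
  throw new Error("LOG360_ACCESS_TOKEN is not set");
}

// URLSearchParams keeps the query-string values correctly escaped.
const query = new URLSearchParams({ request_id: "1799008983883", page_no: "1" });

const options = {
  method: "GET",
  hostname: "log360cloud.manageengine.com",
  port: null,
  path: `/api/v1/search/bulk?${query}`,
  headers: {
    account_id: "18743594",
    Authorization: `Zoho-oauthtoken ${accessToken}`,
  },
};

const req = https.request(options, (res) => {
  const chunks = [];
  res.on("data", (chunk) => chunks.push(chunk));
  res.on("end", () => {
    const body = Buffer.concat(chunks).toString();
    // A non-2xx status must not be handled as if it carried a page of results.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error(`Bulk search page fetch failed with HTTP ${res.statusCode}: ${body}`);
      return;
    }
    console.log(body);
  });
});

// Without an 'error' listener, a DNS, TLS or socket failure is an unhandled event
// and terminates the process.
req.on("error", (err) => console.error(err));

req.end();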
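# Bulk Search result fetch: one page of a previously submitted request.
# LOG360_ACCESS_TOKEN is a variable name constructed for this example. Export it from a secret
# store rather than typing the token into the command, which would leave it in shell history.
# The ${VAR:?} form aborts before curl runs when the variable is unset or empty.
# The expanded header is still visible in the local process list while curl runs.
# The URL stays quoted so the shell does not treat '&' as a command separator.
curl --request GET \
  --url 'https://log360cloud.manageengine.com/api/v1/search/bulk?request_id=1799008983883&page_no=1' \
  --header "Authorization: Zoho-oauthtoken ${LOG360_ACCESS_TOKEN:?set LOG360_ACCESS_TOKEN first}" \
  --header 'account_id: 18743594'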

Response Example

{ "COUNT": 278973, "ROWS": [ { "AccountId": "153935663359", "Event Version": "1.09", "Source": "ela-automation", "IP Address": "136.143.177.61", "Event Source": "cloudtrail.amazonaws.com", "LogType": "aws cloudtrail", "Severity": "information", "Time": "2024-01-04 19:04:37", "Event Type": "awsapicall", "Error Message": "-", "User Agent": "aws-sdk-java/1.11.762 linux/3.10.0-957.21.3.el7.x86_64 openjdk_64-bit_server_vm/11.0.21+9-lts java/11.0.21 groovy/4.0.12 vendor/azul_systems,_inc.", "Event Category": "management" } ] }