
Asynchronous Search API

The API lets you run search requests in the background, monitor the progress of each request, and view the results as they become available.

Here are the steps involved in executing an asynchronous search query:

  • You make a search request with a set of required metadata and asynchronous parameters.
  • The server responds with a request ID and executes the search in a background thread.
  • You can check the status of the request through the Jobs endpoint.
  • Once the job is done, you can fetch the results using the jobs/results endpoint.
  • The search results are available in EventLog Analyzer for 24 hours, after which they are deleted by the cleanup thread.

Request URL

POST http://hostname:8400/RestAPI/v1/search/async

Request Header

| Header name | Value | Mandatory | Description |
|---|---|---|---|
| Authorization | Bearer {{AuthToken}} | Yes | AuthToken generated from API Settings page. e.g.: Bearer mdrkoda0odmtmznloc00ndziltg0mgutmwzkztljmjvmzwmx |

Request Parameters

The parameters must be sent in the body of the request in JSON format, and the body should contain the following key/value parameters:

| Parameter name | Default value | Mandatory | Type | Description |
|---|---|---|---|---|
| query | * | No | String | Start value of the list |
| hosts | all | No | JSONArray | List of hosts to search |
| groups | all | No | JSONArray | List of device groups to search |
| from | current time - 24 hours | No | Long | Start time for search in Unix milliseconds |
| to | current time | No | Long | End time for search in Unix milliseconds |
Note:
  1. When the cursor is passed, the other parameters are not required.
  2. Quotes (" ") in the query string should be escaped. If the query in EventLog Analyzer's search page is REMOTE_INTERFACE = "switch 1", then for the REST API the query parameter should be written as "REMOTE_INTERFACE = \"switch 1\"".

Response

The response will be a JSON object which will contain the following key/value pairs:

| Parameter name | Description |
|---|---|
| request_id | Request ID of the background search, type = string |

Example usage using cURL

Sample request


curl --location --request POST 'http://localhost:8400/RestAPI/v1/search/async' \
  -H "Accept: application/json" \
  -H "Authorization: Bearer mdrkoda0odmtmznloc00ndziltg0mgutmwzkztljmjvmzwmx" \
  --data-raw '{
    "query": "EVENTID = 16384 AND USERNAME = mhtoc",
    "hosts": [1, 2, 601],
    "groups": [3],
    "from": 1643480792000,
    "to": 1643480479500
  }'

Sample response:


{
  "message": "Request submitted",
  "request_id": "AX6qKwX7hJby8kAkaqDG",
  "status": 200
}
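
The request and response handling described above, as an added Python example (not ManageEngine's code): it serializes the body so that quotes in the query are escaped as note 2 requires, converts times to Unix milliseconds, and extracts request_id from the reply. The helper names and the ELA_AUTH_TOKEN environment variable are assumptions made for illustration.

```python
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone

# URL from the page's sample request; adjust host and port for your server.
SEARCH_URL = "http://localhost:8400/RestAPI/v1/search/async"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def to_unix_ms(dt):
    """Convert a timezone-aware datetime to the Unix milliseconds 'from'/'to' expect."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    return (dt - EPOCH) // timedelta(milliseconds=1)


def build_search_body(query="*", hosts=None, groups=None, start=None, end=None):
    """Serialize the search parameters; omitted ones fall back to server defaults."""
    params = {"query": query, "hosts": hosts, "groups": groups,
              "from": start and to_unix_ms(start), "to": end and to_unix_ms(end)}
    # json.dumps escapes embedded double quotes, which is what note 2 asks for.
    return json.dumps({k: v for k, v in params.items() if v is not None})


def build_request(body, token, url=SEARCH_URL):
    """Build (without sending) the POST request carrying the Bearer AuthToken."""
    token = token.strip()  # drop whitespace picked up when copying the token
    if not token:
        raise ValueError("AuthToken is empty")
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    return urllib.request.Request(url, data=body.encode("utf-8"),
                                  headers=headers, method="POST")


def parse_submit_response(raw):
    """Return request_id; treating any status other than 200 as failure is an assumption."""
    reply = json.loads(raw)
    if reply.get("status") != 200 or not reply.get("request_id"):
        raise RuntimeError(f"search not accepted: {reply.get('message')}")
    return reply["request_id"]


if __name__ == "__main__":
    # ELA_AUTH_TOKEN is a hypothetical variable name; it keeps the token out of the script.
    body = build_search_body('REMOTE_INTERFACE = "switch 1"', hosts=[1, 2, 601])
    req = build_request(body, os.environ["ELA_AUTH_TOKEN"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(parse_submit_response(resp.read().decode("utf-8")))
```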

Example usage using Postman (Third party tool)

[Image: Asynchronous Search API]

Copyright © 2020, ZOHO Corp. All Rights Reserved.
