End Point: `/api/juniper/ecm/log-scoop/logs`
HTTP Method: POST

Request Structure (`time-interval` is an ISO 8601 interval, here a 10-day duration ending at the given timestamp; `filters` is an `and` group wrapping an `or` group of two `EQUALS` filters, each compared against a literal string value):

```json
{
  "request": {
    "time-interval": "P10D/2015-07-01T05:30:15+05:30",
    "size": "2",
    "order": "ascending",
    "slots": "10",
    "resolve-addresses": true,
    "filters": {
      "and": [
        {
          "or": [
            { "filter": { "key": "username", "operator": "EQUALS", "value": "root" } },
            { "filter": { "key": "source-address", "operator": "EQUALS", "value": "1.1.1.1" } }
          ]
        }
      ]
    }
  }
}
```

Response:

```json
{
  "response": {
    "header": {
      "total-count": 2,
      "message": "Successfully data retried",
      "response-code": 200
    },
    "result": [
      {
        "index": "logstash-2015.06.26-13",
        "host": "10.207.99.44",
        "id": "AU4wDbd51mDx7k7neYEc",
        "timestamp": "2015-06-26T13:31:42.111Z",
        "priority": 0,
        "severity": 0,
        "facility": 0,
        "facility-label": "kernel",
        "severity-label": "Emergency",
        "username": "root]",
        "country-code": "US"
      },
      {
        "index": "logstash-2015.06.26-13",
        "host": "10.207.99.44",
        "id": "AU4wDbjQ1mDx7k7neZFk",
        "timestamp": "2015-06-26T13:31:42.110Z",
        "priority": 0,
        "severity": 0,
        "facility": 0,
        "facility-label": "kernel",
        "severity-label": "Emergency",
        "username": "root]",
        "country-code": "US",
        "nat-destination-address-host-name": "172.19.51.235",
        "source-address-host-name": "1.1.1.1",
        "destination-address-host-name": "172.19.51.235",
        "nat-source-address-host-name": "172.19.51.235"
      }
    ]
  }
}
```

Note that in this example the `*-host-name` fields (populated when `resolve-addresses` is true) appear only on the second record, and `size`/`slots` are sent as strings rather than numbers; clients should treat the host-name fields as optional rather than assuming they are present on every result.

Finding Attributes to Query For Data Coming in the Log: you can pick the attribute names to use as filter keys (for example `username`, `source-address`, `severity-label`) from the structured log records themselves, as returned in `result` above.