Logs

Provides functionality to view, create, edit, update, delete, and search logs on your servers. These can be files (Windows and Linux), Event Logs (Windows), or syslog (Linux).

Attributes

id (read-only) Unique ID for the log in our system.
server_id The ID of the server this log is on.
source_type The type of the log, one of: EVENTLOG, SYSLOG, FILE.
source The source of the log. For EVENTLOG, this is one of:

  • Application
  • System
  • Security

For SYSLOG it is a port number.

For FILE it is a full path to the log file.

limit (optional) Only collect up to this many messages from this log per minute. Default: 2000.
url (read-only) The URL to get more information about this item.

Available APIs

/api/logs/

Lists all logs or creates a new one. See above for the attributes each item has.

GET

Returns the list of logs for this account.

Arguments

  • limit (optional, default:2500, max:2500) – Sets the page size to a limit set by the user.
  • page (optional, default:0) – Retrieve the specific page of data of size limit.

Argument Examples

  • limit=10 – will get the first page of the first 10 items.
  • limit=25&page=3 – will get the 4th page of size 25 items.
curl --user {EMAIL}:{API_KEY} https://wwws.appfirst.com/api/logs/
{
    "pagination": {
        "count": 292, 
        "next": null, 
        "previous": null
    }, 
    "data": [
        {
            "id": 13990, 
            "server_id": 266501, 
            "source_type": "AFSQL", 
            "source": "/var/log/af_sql.log", 
            "limit": 2000, 
            "url": "/api/v5/logs/13990/"
        }, 
        {
            "id": 13991, 
            "server_id": 266501, 
            "source_type": "AFURL", 
            "source": "/var/log/af_url.log", 
            "limit": 2000, 
            "url": "/api/v5/logs/13991/"
        }
    ]
}

POST

Create a new log for this tenant. See attributes above for required and optional parameters. Returns the newly created log or the existing log if one already existed for this tenant with the same server, type, and source. It may take a minute for this change to propagate to the collector.

curl --user {EMAIL}:{API_KEY} -d "server=4&type=EVENTLOG&source=Application" https://wwws.appfirst.com/api/logs/
{
    "id": 123,
    "server_id": 4,
    "source_type": "EVENTLOG",
    "source": "Application",
    "limit": 2000,
    "resource_url": "/api/v5/logs/123/"
}

/api/logs/{log_id}/

View, update, or delete a log item.

GET

Get info about a specific log, given by the log_id in the URL. It takes no additional parameters.

curl --user {EMAIL}:{API_KEY} https://wwws.appfirst.com/api/logs/1/
{
    "id": 13990, 
    "server_id": 266501, 
    "source_type": "AFSQL", 
    "source": "/var/log/af_sql.log", 
    "limit": 2000, 
    "url": "/api/v5/logs/13990/"
}

PUT

Updates parameters for the log item given by log_id in the URL. You can set any of the parameters not marked as read-only in the attributes above. You must include all parameters, even if they aren’t changing. Optional parameters can be omitted if you want them reset to the defaults. It may take a minute for this change to propagate to the collector.

curl --user {EMAIL}:{API_KEY} -X PUT -d "server=4&type=EVENTLOG&source=Application&limit=1000" https://wwws.appfirst.com/api/logs/2/
 
{
    "id": 2,
    "server_id": 4,
    "source_type": "EVENTLOG",
    "source": "Application",
    "limit": 1000,
    "resource_url": "/api/v5/logs/2/"
}

DELETE

Delete a log.

curl --user {EMAIL}:{API_KEY} -X DELETE https://wwws.appfirst.com/api/logs/1/

/api/logs/{log_id}/data/

Retrieves summary data for the given log. Each piece of log summary data has the following attributes:

time The minute this data is for.
info The number of INFO log messages in this time period.
warning The number of WARNING log messages in this time period.
critical The number of CRITICAL log messages in this time period.

GET

Gets data for the given log. It gets up to “num” points starting from “end” and going back to “start.”

Arguments

  • num (optional, default:1) – Retrieve up to this many points. Note that there can be gaps in the data if the server this log is on has an outage.
  • end (optional, default:most recent point) – Retrieve data from this timestamp backwards. If not given, it gets the most recent data.
  • start (optional) – Don’t retrieve any points before this date, if given. From V3, if both start and num are given, end will be assigned to start + time_step_in_epoch (default 60) * num.
  • time_step (optional, default:Minute) – Time step for the points, can only be ‘Minute’

Argument Examples

  • num=3 – will get the three most recent minutes of data.
  • num=1440&start=<12:00am today> – will get all of today’s data (which will probably be less than 1440 points).
  • num=3&end=1288584000 – will get the three minutes of data just before Nov. 11, 2010 UTC (which is 1288584000). If all the data exists, this will be 1288584000, 1288583940, and 1288583880. If the middle minute of data didn’t exist it would return 1288584000 and 1288583880.
  • num=30&end=1288584000&start=1288583940 – will get 2 minutes of data (if they exist) from 1288584000 and 1288583940.
  • num=3&time_step=Minute – will get the three most recent minutes of data.
curl --user {EMAIL}:{API_KEY} https://wwws.appfirst.com/api/logs/1/data/?num=2
{
    "pagination": {
        "count": 1, 
        "previous": null, 
        "next": null
    }, 
    "data": [
        {
            "info": 0, 
            "warning": 0, 
            "critical": 0, 
            "time": 1423865220
        }
    ]
}
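
The following Python is an added example, not AppFirst code: it applies the num/end/start rules above to a response from this endpoint and reports requested minutes with no data point (collection gaps) and minutes that logged CRITICAL messages. The sample response is constructed, the function names are hypothetical, and points are assumed to fall on minute boundaries as in the argument examples above.

```python
import json

STEP = 60  # seconds; 'Minute' is the only documented time_step

def expected_minutes(num, end, start=None):
    """Timestamps the documented rules select, newest first: up to `num`
    points going back from `end`, none earlier than `start`."""
    t = end - (end % STEP)  # assumption: points sit on minute boundaries
    points = []
    while len(points) < num and (start is None or t >= start):
        points.append(t)
        t -= STEP
    return points

def review_window(response, num, end, start=None):
    """Return (gaps, hot) for a /data/ response.

    gaps: requested minutes with no point at all (nothing was collected).
    hot:  requested minutes whose `critical` count is above zero.
    """
    seen = {p["time"]: p for p in response["data"]}
    wanted = expected_minutes(num, end, start)
    gaps = [t for t in wanted if t not in seen]
    hot = [t for t in wanted if t in seen and seen[t]["critical"] > 0]
    return gaps, hot

# Constructed response for ?num=5&end=1288584000 (not real AppFirst data).
SAMPLE = json.loads("""
{
    "pagination": {"count": 3, "previous": null, "next": null},
    "data": [
        {"info": 4, "warning": 0, "critical": 0, "time": 1288584000},
        {"info": 1, "warning": 3, "critical": 2, "time": 1288583880},
        {"info": 2, "warning": 0, "critical": 0, "time": 1288583760}
    ]
}
""")

if __name__ == "__main__":
    gaps, hot = review_window(SAMPLE, num=5, end=1288584000)
    print("minutes with no data:", gaps)
    print("minutes with CRITICAL messages:", hot)
```

Passing an explicit end keeps the expected window independent of the "most recent point" default, so a missing minute can be told apart from a window that simply started later.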

/api/logs/{log_id}/detail/

Retrieves log messages for the given log. Each piece of log detail data has the following attributes:

data The log message.

GET

Gets messages for the given log. It gets messages for up to “num” points starting from “end” and going back to “start.” Note there can be multiple messages per minute. It also takes filter and severity parameters to restrict log messages that are returned.

Arguments

  • num (optional, default:1) – Retrieve up to this many points. Note that there can be gaps in the data if the server this log is on has an outage.
  • end (optional, default:most recent point) – Retrieve data from this timestamp backwards. If not given, it gets the most recent data.
  • start (optional) – Don’t retrieve any points before this date, if given. From V3, if both start and num are given, end will be assigned to start + time_step_in_epoch (default 60) * num.
  • time_step (optional, default:Minute) – Time step for the points, can only be ‘Minute’
  • filter (optional) – Only return messages which match this basic regular expression. If none given, it matches all messages.

Argument Examples

  • num=3 – will get the messages from three most recent minutes of data.
  • num=1440&start=<12:00am today> – will get all of today’s data (which will probably be less than 1440 points).
  • num=3&end=1288584000 – will get the three minutes of data just before Nov. 11, 2010 UTC (which is 1288584000). If all the data exists, this will be 1288584000, 1288583940, and 1288583880. If the middle minute of data didn’t exist it would return 1288584000 and 1288583880.
  • num=30&end=1288584000&start=1288583940 – will get 2 minutes of data (if they exist) from 1288584000 and 1288583940.
  • num=3&time_step=Minute – will get the three most recent minutes of data.
  • filter=.*test[0-9] – will get messages from the last minute that match the expression (matches: ‘test0’, ‘blah test9’; does NOT match: ‘testa’, ‘test9 blah’).
curl --user {EMAIL}:{API_KEY} https://wwws.appfirst.com/api/logs/1/detail/
{
    "pagination": {
        "count": 0, 
        "previous": null, 
        "next": null
    }, 
    "data": []
}