diff --git a/_source/api/test_api.yml b/_source/api/test_api.yml
new file mode 100644
index 000000000..a3f67ca67
--- /dev/null
+++ b/_source/api/test_api.yml
@@ -0,0 +1,12062 @@
+swagger: '2.0'
+schemes: [ https ]
+host: api.logz.io
+x-servers:
+ - url: https://api.logz.io/
+ description: US East (Northern Virginia)
+
+ - url: https://api-au.logz.io/
+ description: Asia Pacific (Sydney)
+
+ - url: https://api-ca.logz.io/
+ description: Canada (Central)
+
+ - url: https://api-eu.logz.io/
+ description: Europe (Frankfurt)
+
+ - url: https://api-nl.logz.io/
+ description: West Europe (Netherlands)
+
+ - url: https://api-uk.logz.io/
+ description: Europe (London)
+
+ - url: https://api-wa.logz.io/
+ description: West US 2 (Washington)
+basePath: /
+produces: [ application/json ]
+consumes: [ application/json ]
+info:
+ description: >-
+ # Introduction
+
+ This API is documented using the **OpenAPI 2.0** specification.
+ The OpenAPI Specification file is also [available for download](https://docs.logz.io/api/logzio-public-api.yml)
+
+ # Automation
+
+ You can automate most of our APIs using our [Terraform provider](https://docs.logz.io/integrations/terraform/).
+
+
+
+
+ # Account region and API URL
+
+ To find your account region, sign in to Logz.io and look at the URL in the address bar.
+ Your API URL has the same two-letter code that you see in the address bar when you're logged in.
+
+
+ For more information, see [Account region](https://docs.logz.io/user-guide/accounts/account-region.html).
+
+
+ # Authentication
+
+ The Logz.io API is available to Pro and Enterprise plan subscribers.
+ You can generate and delete API tokens in your [Logz.io account](https://app.logz.io/#/dashboard/settings/manage-tokens/api).
+
+
+
+
+ # Rate limiting
+
+ API call and response rates are limited to 100 concurrent API requests per account.
+ To verify your rate limits or request changes to your plan, please contact your account manager or the Customer Success Team.
+
+ # Compression
+
+ Compression is supported and recommended for all API calls. To enable compression for API responses, add the following request header:
+
+ Header Name: Accept-Encoding
+ Header Value: deflate, gzip
+
+ Compression is STRONGLY RECOMMENDED for 'Search' and 'Scroll' APIs, due to their potentially large response sizes.
+
+
+ title: Logz.io API
+ termsOfService: 'https://logz.io/about-us/terms-of-use/'
+ contact:
+ email: help@logz.io
+ url: https://docs.logz.io/
+ license:
+ name: Apache 2.0
+ url: 'http://www.apache.org/licenses/LICENSE-2.0.html'
+
+securityDefinitions:
+ X-API-TOKEN:
+ description: >-
+ You can manage your API tokens from the [Logz.io API tokens](https://app.logz.io/#/dashboard/settings/manage-tokens/api) page.
+
+
+ API tokens are account-specific. You will need to be logged into the relevant Log Management or SIEM account to view the API tokens associated with it.
+
+
+ To manage your API tokens, log into the relevant account in your Logz.io platform, click the gear in the top-right menu, and select [**Tools > Manage tokens > API tokens**](https://app.logz.io/#/dashboard/settings/manage-tokens/api).
+
+
+ It's important to keep your tokens secure. API tokens carry privileges to make changes to users and accounts, so if you believe an API token has been compromised, delete it, and replace it with a new token in your integrations.
+ type: apiKey
+ in: header
+ name: X-API-TOKEN
+security:
+ - X-API-TOKEN: []
+
+tags:
+ - name: Metrics gateway
+ description: >-
+ Metrics API Gateway to supported endpoints. In the context of this API, "*Grafana*" refers to the Logz.io fork of Grafana, thus this gateway provides support for the APIs of the Logz.io fork of Grafana and for some of the open source Grafana APIs. Read more about the fork created by Logz.io [here.](https://logz.io/about-us/forked-statement/)
+
+ **Note:** Run these endpoints with an API token belonging to the main Log Management account associated with your Metrics account.
+
+
+ - name: Who am I
+ - name: Manage time-based log accounts
+ description: >-
+ Use these API requests to manage time-based log accounts:
+
+ * Create, update, or delete a sub account.
+
+ * Allocate daily capacity to the main account and/or sub accounts.
+
+ * Retrieve account activity stats and/or account configuration details.
+
+
+ ### Flexible storage & shared volume
+
+ Flexible storage and shared volume allow accounts to share indexing capacity.
+
+
+ To enable shared volume, go to the [Manage accounts page](https://app.logz.io/#/dashboard/settings/manage-accounts) in the Logz.io app and toggle the button **Use flexible volume** to turn it on.
+
+
+ To determine whether flexible storage is enabled, run a `Get` request to retrieve account details.
+
+ * If `isFlexible` is true, flexible storage is enabled and every account has reserved capacity set by the parameter `reservedDailyGB`.
+
+ * If false, flexible storage is disabled and the parameter `reservedDailyGB` is null.
+ - name: Search logs
+ description: >-
+ Use the Elasticsearch Search API DSL query language to search your Logz.io data.
+
+
+ To ensure system performance and data availability, we've introduced some limitations to the original Elasticsearch specification. These limitations are detailed in the applicable API calls below.
+
+ - name: Deployments
+ description: >-
+ Send deployment logs by API to automatically correlate exceptions with service deployments directly in your Logz.io Exceptions tab.
+
+ - name: Insights
+ description: >-
+ Logz.io monitors your logs for Insights to help you preempt issues and alert you of potential problems.
+
+
+ There are two types of Insights:
+
+ * LOGCEPTION - Application errors and exceptions identified in the stack trace.
+
+ * PUBLIC_CI - Cognitive Insights correlate your logs with vulnerabilities and issues that are trending in the open source community.
+
+
+ You have the option to set up an alert so you can get notified of the details when new or recurring insights are spotted in your system.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ - name: Retrieve audit trail
+ - name: Connect to CloudTrail
+ description: Establish a connection to ship logs to the Logz.io observability platform via an S3 bucket. Supports CloudTrail logs.
+ - name: Connect to S3 Buckets
+ description: >-
+ Establish a connection for the Logz.io fetcher to fetch logs to the Logz.io observability platform via an S3 bucket. Supports ELB, S3 Access, CloudFront, VPC Flow logs.
+
+
+ If you're looking to fetch CloudTrail logs, use the designated endpoints.
+
+
+ Authentication can be established with either S3 secret credentials or ARNs (for AWS IAM Roles). Authentication with S3 Secret Credentials is supported for backward compatibility. Authentication with ARNs (for IAM Roles) is strongly recommended.
+ - name: Manage notification endpoints
+ description: >-
+ Logz.io can send notifications to your preferred workspaces, such as Opsgenie, BigPanda, PagerDuty, and Slack.
+
+
+ Notifications are typically sent when alerts are triggered, when a user shares a Kibana object,
+ or when Logz.io Insights identifies new exceptions in your logs.
+
+
+ Use these API endpoints to create, update, or delete notification endpoints. If you configure a custom endpoint,
+ you can configure the notification message body.
+ Otherwise, you can use any of the available preconfigured endpoints.
+ - name: Import or export Kibana objects
+ - name: Manage log shipping tokens
+ description: >-
+ Use these API endpoints to create, update, retrieve, or delete log shipping tokens.
+ - name: Drop filters
+ description: >-
+ Drop filters provide a solution for filtering out logs before they are indexed in your account to help lower costs and reduce account volume.
+
+
+ Drop filters evaluate logs for exact field:value matches. Any log results that match active drop filters will not be indexed. This means they will not appear in your Kibana account, will not be searchable, trigger alerts, or appear in dashboards.
+
+
+ Archiving is not affected by drop filters. Logs dropped by drop filters will still be archived, if archiving is configured for the account. With archiving configured, you can readily use drop filters to reduce logging bulk and restore the logs in the event that they become relevant.
+ - name: Manage shared tokens
+ description: >-
+ You can share Kibana visualization and dashboard snapshots using shared tokens.
+ Token filters are available to help you control what data to expose.
+
+
+ **Note:** Shared token endpoints require permissions that must be set by our Support team. Please email help@logz.io for assistance.
+ - name: Manage API tokens
+ description: >-
+ You can manage API tokens for sub accounts.
+ - name: Logz.io snapshots
+ - name: Manage users
+ - name: Alerts
+ description: >-
+ Logz.io alerts use a Kibana search query to continuously scan your logs and alert you when a certain set of conditions is met. The simplest alerts can use a simple search query or a particular filter, but others can be quite complex and involve several conditions with varying thresholds.
+
+
+ When alerts trigger, they write event logs. Event logs of triggered alerts are always available and searchable in Kibana - just filter for `_exists_:logzio-alert`. But you also have the option to add notifications, and control their contents, format, and who they are sent to.
+
+
+ For the deprecated alerting version, please see our [public GitHub project](https://github.com/logzio/public-api/tree/master/alerts).
+ - name: Security rules
+ description: >-
+ Security rules help you connect the dots between your data sources and events that could indicate a security threat or breach.
+
+
+ Your Cloud SIEM account comes pre-configured with security rules for different attack types and security use cases. These built-in rules are protected, and there are limitations on the changes that can be made to them. Pre-configured rules can be updated by adding notification endpoints (like email or Slack), changing trigger thresholds and severities, and adding tags, as described in detail in the endpoint.
+
+
+ You can also create new security rules to supplement the built-in rules.
+
+ - name: Security account
+ description: >-
+ A security account with SIEM allows you to use the SIEM platform. You can create a SIEM account using an API call.
+
+ - name: Security events
+ description: >-
+ A security event is logged whenever a security rule triggers in your [Logz.io Cloud SIEM account](https://app.logz.io/#/dashboard/security/rules/rule-definitions?from=0&sortBy=updatedAt&sortOrder=DESC).
+
+
+ Your Logz.io Cloud SIEM is pre-loaded with hundreds of security rules created and maintained by Logz.io's security analysts. The list continues to be expanded and updated on a regular basis. You can also add your own security rules.
+
+
+ To investigate into security events, you can begin by running a bulk query to fetch security event logs, either with or without applying filtering criteria. This query returns all of the events that match the query parameters and can potentially fetch events going back many months. Whenever you encounter a particular event you would like to further investigate, you can run the drilldown query to fetch the logs that triggered the security event to delve deeper into the event details.
+
+
+ These queries can be used to integrate with an automated response solution such as Cortex xSOAR or simply to understand your security posture and identify suspicious activity in your accounts.
+ - name: Archive logs
+ description: >-
+ You can archive logs to an AWS S3 bucket or Azure Blob Storage. Archiving gives you the option to restore logs and query them after they have expired from your time-based account.
+
+
+ You can use the following endpoints to retrieve, set up, test, and update an account's archive settings.
+
+
+ Note: Logs are archived before they are indexed and analyzed by Logz.io. If you are using drop filters, note that dropped logs will still be archived.
+ - name: Restore logs
+ description: >-
+ You can restore data from your active archiving account, whether an AWS S3 bucket or Azure Blob Storage. Restoring data gives you the option to query logs after they have expired from your time-based account.
+
+
+ You can use the following endpoints to initiate a new restore process, retrieve, set up, test, and update an account's archive settings.
+
+
+ Note: Logs that are dropped by drop filters are still archived and can be restored. You can temporarily disable drop filters to restore the data.
+ - name: Lookups
+ description: >-
+ Lookups are custom lists of values that allow you to easily filter by large lists in Kibana.
+
+
+ Instead of adding a long list of elements to your query, you can create lookup lists and filter by them using the operators `in lookups`/`not in lookups`.
+
+
+ For this purpose, all of the values in a lookup list should be mapped to the same field in Kibana. [Learn more in the user guide](/user-guide/lookups/)
+
+ - name: Grafana alerting
+ description: >-
+ To create an alert, use the Grafana dashboards API.
+
+ - name: Authentication groups
+ description: >-
+ Before you can use Authentication Groups API, Logz.io support will need to enable [SSO](https://docs.logz.io/user-guide/users/single-sign-on/) for your account.
+
+
+x-tagGroups:
+ - name: Log Monitoring
+ tags:
+ - Search logs
+ - Alerts
+ - Deployments
+ - Insights
+ - Logz.io snapshots
+ - name: Cloud SIEM
+ tags:
+ - Security account
+ - Security rules
+ - Security events
+ - Lookup lists
+ - name: Account administration
+ tags:
+ - Manage users
+ - Manage metrics account
+ - Authentication groups
+ - Who am I
+ - Manage time-based log accounts
+ - Manage shared tokens
+ - Manage API tokens
+ - Manage notification endpoints
+ - Import or export Kibana objects
+ - name: Manage data shipping
+ tags:
+ - Manage log shipping tokens
+ - Drop filters
+ - Archive logs
+ - Restore logs
+ - Parsing
+ - Delete object API
+ - name: Data security
+ tags:
+ - Retrieve audit trail
+ - name: Connect to AWS resources
+ tags:
+ - Connect to CloudTrail
+ - Connect to S3 Buckets
+ - name: Metrics API Gateway
+ tags:
+ - Grafana contact points
+ - Grafana data source
+ - Grafana alerting provisioning
+ - Grafana annotations
+ - Grafana dashboards
+ - Grafana dashboard search
+ - Grafana snapshots
+ description: Metrics API Gateway to supported endpoints.
+
+paths:
+ # ::::: GRAFANA
+
+ /v1/provisioning/contact-points:
+ get:
+ operationId: RouteGetContactpoints
+ summary: Get all contact points
+ description: >-
+ Get all contact points.
+ tags:
+ - Grafana contact points
+ parameters:
+ - in: query
+ name: name
+ type: string
+ schema:
+ description: >-
+ Name to filter by.
+ responses:
+ 200:
+ description: ContactPoints
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ disableResolveMessage:
+ type: boolean
+ name:
+ type: string
+ example: webhook_1
+ provenance:
+ type: string
+ example: string
+ settings:
+ type: object
+ properties:
+ type:
+ type: string
+ example: webhook
+ uid:
+ type: string
+ example: my_external_reference
+
+ post:
+ operationId: RoutePostContactpoints
+ summary: Create a contact point
+ description: >-
+ Create a contact point.
+ tags:
+ - Grafana contact points
+ parameters:
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ disableResolveMessage:
+ type: boolean
+ name:
+ type: string
+ example: webhook_1
+ settings:
+ type: object
+ properties:
+ type:
+ type: string
+ example: webhook
+ uid:
+ type: string
+ example: my_external_reference
+ responses:
+ 202:
+ description: ContactPoints
+ schema:
+ type: object
+ properties:
+ definitions:
+ disableResolveMessage:
+ type: boolean
+ name:
+ type: string
+ example: webhook_1
+ provenance:
+ type: string
+ example: string
+ settings:
+ type: object
+ properties:
+ type:
+ type: string
+ example: webhook
+ uid:
+ type: string
+ example: my_external_reference
+ 400:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Error message
+
+
+ /v1/provisioning/contact-points/{UID}:
+ delete:
+ operationId: RouteDeleteContactpoints
+ summary: Delete a contact point
+ description: >-
+ Delete a contact point.
+ tags:
+ - Grafana contact points
+ parameters:
+ - in: path
+ name: UID
+ type: string
+ required: true
+ schema:
+ description: >-
+ Contact point unique identifier.
+ responses:
+ 204:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: The contact point was deleted successfully.
+ put:
+ operationId: RouteUpdateContactpoints
+ summary: Update a contact point
+ description: >-
+ Update a contact point.
+ tags:
+ - Grafana contact points
+ parameters:
+ - in: path
+ name: UID
+ type: string
+ required: true
+ schema:
+ description: >-
+ Contact point unique identifier.
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ disableResolveMessage:
+ type: boolean
+ name:
+ type: string
+ example: webhook_1
+ settings:
+ type: object
+ properties:
+ type:
+ type: string
+ example: webhook
+ uid:
+ type: string
+ example: my_external_reference
+ responses:
+ 202:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: The contact point was deleted successfully.
+ 204:
+ description: Acknowledged
+ schema:
+ type: object
+ properties:
+ 400:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Validator error.
+
+
+ /v1/provisioning/policies:
+ delete:
+ operationId: RouteResetPolicyTree
+ summary: Clears the notification policy tree
+ description: >-
+ Clears the notification policy tree.
+ tags:
+ - Grafana contact points
+ responses:
+ 202:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: The contact point was deleted successfully.
+ get:
+ operationId: RouteGetPolicyTree
+ summary: Get notification policy tree
+ description: >-
+ Get notification policy tree.
+ tags:
+ - Grafana contact points
+ responses:
+ 202:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ continue:
+ type: boolean
+ group_by:
+ type: array
+ items:
+ type: string
+ example: string
+ group_interval:
+ type: string
+ example: string
+ group_wait:
+ type: string
+ example: string
+ match:
+ type: object
+ properties:
+ additionalProp1:
+ type: string
+ example: string
+ additionalProp2:
+ type: string
+ example: string
+ additionalProp3:
+ type: string
+ example: string
+ match_re:
+ type: object
+ properties:
+ additionalProp1:
+ type: object
+ properties:
+ additionalProp2:
+ type: object
+ properties:
+ additionalProp3:
+ type: object
+ properties:
+ matchers:
+ type: array
+ items:
+ type: object
+ properties:
+ Name:
+ type: string
+ example: string
+ Type:
+ type: integer
+ format: int32
+ example: 0
+ Value:
+ type: string
+ example: string
+ mute_time_intervals:
+ type: array
+ items:
+ type: string
+ example: string
+ object_matchers:
+ type: array
+ items:
+ type: object
+ properties:
+ Name:
+ type: string
+ example: string
+ Type:
+ type: integer
+ format: int32
+ example: 0
+ Value:
+ type: string
+ example: string
+ provenance:
+ type: string
+ example: string
+ receiver:
+ type: string
+ example: string
+ repeat_interval:
+ type: string
+ example: string
+ routes:
+ type: array
+ items:
+ type: string
+ example: string
+
+ put:
+ operationId: RouteGetPolicyTree
+ summary: Set notification policy tree
+ description: >-
+ Set notification policy tree.
+ tags:
+ - Grafana contact points
+ parameters:
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ continue:
+ type: boolean
+ group_by:
+ type: array
+ items:
+ type: string
+ example: string
+ group_interval:
+ type: string
+ example: string
+ group_wait:
+ type: string
+ example: string
+ match:
+ type: object
+ properties:
+ additionalProp1:
+ type: string
+ example: string
+ additionalProp2:
+ type: string
+ example: string
+ additionalProp3:
+ type: string
+ example: string
+ match_re:
+ type: object
+ properties:
+ additionalProp1:
+ type: object
+ properties:
+ additionalProp2:
+ type: object
+ properties:
+ additionalProp3:
+ type: object
+ properties:
+ matchers:
+ type: array
+ items:
+ type: object
+ properties:
+ Name:
+ type: string
+ example: string
+ Type:
+ type: integer
+ format: int32
+ example: 0
+ Value:
+ type: string
+ example: string
+ mute_time_intervals:
+ type: array
+ items:
+ type: string
+ example: string
+ object_matchers:
+ type: array
+ items:
+ type: object
+ properties:
+ Name:
+ type: string
+ example: string
+ Type:
+ type: integer
+ format: int32
+ example: 0
+ Value:
+ type: string
+ example: string
+ provenance:
+ type: string
+ example: string
+ receiver:
+ type: string
+ example: string
+ repeat_interval:
+ type: string
+ example: string
+ routes:
+ type: array
+ items:
+ type: string
+ example: string
+
+ responses:
+ 202:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: The contact point was deleted successfully.
+ 400:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Validator error.
+
+
+
+ /v1/grafana/api/datasources/summary:
+ get:
+ operationId: getAllDatasources
+ summary: Return a list of data sources
+ description: >-
+ Return a list of data sources for all accounts under the API token provided.
+ tags:
+ - Grafana data source
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: integer
+ example: 123
+ description: Data source Id
+ uid:
+ type: string
+ example: DCFaFyDnk
+ description: Data source UID
+ name:
+ type: string
+ example: cluster6_metrics
+ description: Data source name
+ type:
+ type: string
+ example: prometheus
+ description: Enum for the data source type. Can be eithern prometheus or elasticsearch.
+ database:
+ type: string
+ example: 123456
+ description: Metrics account ID
+
+ 404:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Data source not found.
+
+ /v1/grafana/api/datasources/name/{metric_account_name}/summary:
+ get:
+ operationId: getDatasourceByAccount
+ summary: Get a data source for a given account
+ description: >-
+ Get a data source for a given account.
+ tags:
+ - Grafana data source
+ parameters:
+
+ - in: path
+ name: metric_account_name
+ type: string
+ schema:
+ description: >-
+ Logz.io metric account name
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ example: 123
+ description: Data source Id
+ uid:
+ type: string
+ example: DCFaFyDnk
+ description: Data source UID
+ name:
+ type: string
+ example: cluster6_metrics
+ description: Data source name
+ type:
+ type: string
+ example: prometheus
+ description: Enum for the data source type. Can be eithern prometheus or elasticsearch.
+ database:
+ type: string
+ example: 123456
+ description: Metrics account ID
+
+ 404:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Data source not found.
+
+
+ /v1/grafana/api/v1/provisioning/alert-rules:
+ get:
+ operationId: getAlertRules
+ summary: Return a list of all alerts
+ description: >-
+ Returns a list of all alerts.
+ tags:
+ - Grafana alerting provisioning
+ parameters:
+
+ - in: query
+ name: panelId
+ type: integer
+ schema:
+ description: >-
+ Id of a specific panel to return in results.
+ - in: query
+ name: dashboardUid
+ type: integer
+ schema:
+ description: >-
+ Id of a specific dashboard to return in results.
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ annotations:
+ type: object
+ description: Annotations for the dashboard
+ properties:
+ runbook_url:
+ type: string
+ description: URL to the runbook
+ example: https://supercoolrunbook.com/page/13
+ condition:
+ type: string
+ description: Condition
+ example: A
+ data:
+ type: array
+ description: Response wrapper for the data retrieved
+ items:
+ type: object
+ description: Data items retrieved
+ properties:
+ datasourceUid:
+ type: string
+ description: Grafana data source unique identifier
+ example: -100
+ model:
+ type: object
+ description: JSON is the raw JSON query and includes the model properties as well as custom properties.
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ type:
+ type: string
+ example: gt
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ example: and
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ example: avg
+ type:
+ type: string
+ example: query
+ datasource:
+ type: object
+ properties:
+ type:
+ type: string
+ example: __expr__
+ uid:
+ type: string
+ example: __expr__
+ expression:
+ type: string
+ example: 1 == 1
+ hide:
+ type: boolean
+ intervalMs:
+ type: integer
+ format: int32
+ example: 1000
+ maxDataPoints:
+ type: integer
+ format: int32
+ example: 43200
+ refId:
+ type: string
+ example: A
+ type:
+ type: string
+ example: math
+ queryType:
+ type: string
+ description: Optional identifier for the type of query
+ example:
+ refId:
+ type: string
+ description: Unique identifier of the query, set by the frontend call.
+ example: A
+ relativeTimeRange:
+ type: object
+ description: Per query start and end time for requests
+ properties:
+ from:
+ type: integer
+ format: int32
+ example: 0
+ to:
+ type: integer
+ format: int32
+ example: 0
+ execErrState:
+ type: string
+ example: Alerting
+ folderUID:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: project_x
+ for:
+ type: integer
+ format: int32
+ example: 0
+ id:
+ type: integer
+ format: int32
+ example: 0
+ labels:
+ type: object
+ properties:
+ team:
+ type: string
+ example: sre-team-1
+ noDataState:
+ type: string
+ example: Alerting
+ orgID:
+ type: integer
+ format: int32
+ example: 0
+ provenance:
+ type: string
+ example: string
+ ruleGroup:
+ type: string
+ example: eval_group_1
+ title:
+ type: string
+ example: Always firing
+ uid:
+ type: string
+ example: string
+ updated:
+ type: string
+ example: 2022-08-16T11:07:04.763Z
+
+ post:
+ operationId: AlertRules
+ summary: Create a new alert rule
+ description: >-
+ Creates a new alert rule.
+ tags:
+ - Grafana alerting provisioning
+ parameters:
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ annotations:
+ type: object
+ properties:
+ runbook_url:
+ type: string
+ example: https://supercoolrunbook.com/page/13
+ condition:
+ type: string
+ example: A
+ data:
+ type: array
+ items:
+ type: object
+ required:
+ - datasourceUid
+ properties:
+ datasourceUid:
+ type: string
+ example: -100
+ model:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ type:
+ type: string
+ example: gt
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ example: and
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ example: avg
+ type:
+ type: string
+ example: query
+ datasource:
+ type: object
+ properties:
+ type:
+ type: string
+ example: __expr__
+ uid:
+ type: string
+ example: __expr__
+ expression:
+ type: string
+ example: 1 == 1
+ hide:
+ type: boolean
+ intervalMs:
+ type: integer
+ format: int32
+ example: 1000
+ maxDataPoints:
+ type: integer
+ format: int32
+ example: 43200
+ refId:
+ type: string
+ example: A
+ type:
+ type: string
+ example: math
+ queryType:
+ type: string
+ example:
+ refId:
+ type: string
+ example: A
+ relativeTimeRange:
+ type: object
+ properties:
+ from:
+ type: integer
+ format: int32
+ example: 0
+ to:
+ type: integer
+ format: int32
+ example: 0
+ execErrState:
+ type: string
+ example: Alerting
+ folderUID:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: project_x
+ for:
+ type: integer
+ format: int32
+ example: 0
+ id:
+ type: integer
+ format: int32
+ example: 0
+ labels:
+ type: object
+ properties:
+ team:
+ type: string
+ example: sre-team-1
+ noDataState:
+ type: string
+ example: Alerting
+ provenance:
+ type: string
+ example: string
+ ruleGroup:
+ type: string
+ example: eval_group_1
+ title:
+ type: string
+ example: Always firing
+ uid:
+ type: string
+ example: string
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ annotations:
+ type: object
+ properties:
+ runbook_url:
+ type: string
+ example: https://supercoolrunbook.com/page/13
+ condition:
+ type: string
+ example: A
+ data:
+ type: array
+ items:
+ type: object
+ properties:
+ datasourceUid:
+ type: string
+ example: -100
+ model:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ type:
+ type: string
+ example: gt
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ example: and
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ example: avg
+ type:
+ type: string
+ example: query
+ datasource:
+ type: object
+ properties:
+ type:
+ type: string
+ example: __expr__
+ uid:
+ type: string
+ example: __expr__
+ expression:
+ type: string
+ example: 1 == 1
+ hide:
+ type: boolean
+ intervalMs:
+ type: integer
+ format: int32
+ example: 1000
+ maxDataPoints:
+ type: integer
+ format: int32
+ example: 43200
+ refId:
+ type: string
+ example: A
+ type:
+ type: string
+ example: math
+ queryType:
+ type: string
+ example:
+ refId:
+ type: string
+ example: A
+ relativeTimeRange:
+ type: object
+ properties:
+ from:
+ type: integer
+ format: int32
+ example: 0
+ to:
+ type: integer
+ format: int32
+ example: 0
+ execErrState:
+ type: string
+ example: Alerting
+ folderUID:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: project_x
+ for:
+ type: integer
+ format: int32
+ example: 0
+ id:
+ type: integer
+ format: int32
+ example: 0
+ labels:
+ type: object
+ properties:
+ team:
+ type: string
+ example: sre-team-1
+ noDataState:
+ type: string
+ example: Alerting
+ orgID:
+ type: integer
+ format: int32
+ example: 0
+ provenance:
+ type: string
+ example: string
+ ruleGroup:
+ type: string
+ example: eval_group_1
+ title:
+ type: string
+ example: Always firing
+ uid:
+ type: string
+ example: string
+ updated:
+ type: string
+ example: 2022-08-16T13:09:06.350Z
+
+
+
+
+ /v1/grafana/api/v1/provisioning/alert-rules/{UID}:
+ get:
+ operationId: getAlertRulesByUID
+ summary: Return a list of all alerts by UID
+ description: >-
+ Returns a list of all alerts by a UID.
+ tags:
+ - Grafana alerting provisioning
+ parameters:
+
+ - in: path
+ name: UID
+ type: string
+ schema:
+ description: >-
+ Alert rule UID.
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ annotations:
+ type: object
+ properties:
+ runbook_url:
+ type: string
+ example: https://supercoolrunbook.com/page/13
+ condition:
+ type: string
+ example: A
+ data:
+ type: array
+ items:
+ type: object
+ properties:
+ datasourceUid:
+ type: string
+ example: -100
+ model:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ type:
+ type: string
+ example: gt
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ example: and
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ example: avg
+ type:
+ type: string
+ example: query
+ datasource:
+ type: object
+ properties:
+ type:
+ type: string
+ example: __expr__
+ uid:
+ type: string
+ example: __expr__
+ expression:
+ type: string
+ example: 1 == 1
+ hide:
+ type: boolean
+ intervalMs:
+ type: integer
+ format: int32
+ example: 1000
+ maxDataPoints:
+ type: integer
+ format: int32
+ example: 43200
+ refId:
+ type: string
+ example: A
+ type:
+ type: string
+ example: math
+ queryType:
+ type: string
+ example:
+ refId:
+ type: string
+ example: A
+ relativeTimeRange:
+ type: object
+ properties:
+ from:
+ type: integer
+ format: int32
+ example: 0
+ to:
+ type: integer
+ format: int32
+ example: 0
+ execErrState:
+ type: string
+ example: Alerting
+ folderUID:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: project_x
+ for:
+ type: integer
+ format: int32
+ example: 0
+ id:
+ type: integer
+ format: int32
+ example: 0
+ labels:
+ type: object
+ properties:
+ team:
+ type: string
+ example: sre-team-1
+ noDataState:
+ type: string
+ example: Alerting
+ orgID:
+ type: integer
+ format: int32
+ example: 0
+ provenance:
+ type: string
+ example: string
+ ruleGroup:
+ type: string
+ example: eval_group_1
+ title:
+ type: string
+ example: Always firing
+ uid:
+ type: string
+ example: string
+ updated:
+ type: string
+ example: 2022-08-16T13:09:06.350Z
+
+ put:
+ operationId: putAlertRulesByUID
+ summary: Amend an alert by UID
+ description: >-
+ Amend an alert by UID.
+ tags:
+ - Grafana alerting provisioning
+ parameters:
+
+ - in: path
+ name: UID
+ type: string
+ schema:
+ description: >-
+ Alert rule UID.
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ annotations:
+ type: object
+ properties:
+ runbook_url:
+ type: string
+ example: https://supercoolrunbook.com/page/13
+ condition:
+ type: string
+ example: A
+ data:
+ type: array
+ items:
+ type: object
+ properties:
+ datasourceUid:
+ type: string
+ example: -100
+ model:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ type:
+ type: string
+ example: gt
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ example: and
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ example: avg
+ type:
+ type: string
+ example: query
+ datasource:
+ type: object
+ properties:
+ type:
+ type: string
+ example: __expr__
+ uid:
+ type: string
+ example: __expr__
+ expression:
+ type: string
+ example: 1 == 1
+ hide:
+ type: boolean
+ intervalMs:
+ type: integer
+ format: int32
+ example: 1000
+ maxDataPoints:
+ type: integer
+ format: int32
+ example: 43200
+ refId:
+ type: string
+ example: A
+ type:
+ type: string
+ example: math
+ queryType:
+ type: string
+ example:
+ refId:
+ type: string
+ example: A
+ relativeTimeRange:
+ type: object
+ properties:
+ from:
+ type: integer
+ format: int32
+ example: 0
+ to:
+ type: integer
+ format: int32
+ example: 0
+ execErrState:
+ type: string
+ example: Alerting
+ folderUID:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: project_x
+ for:
+ type: integer
+ format: int32
+ example: 0
+ id:
+ type: integer
+ format: int32
+ example: 0
+ labels:
+ type: object
+ properties:
+ team:
+ type: string
+ example: sre-team-1
+ noDataState:
+ type: string
+ example: Alerting
+ orgID:
+ type: integer
+ format: int32
+ example: 0
+ provenance:
+ type: string
+ example: string
+ ruleGroup:
+ type: string
+ example: eval_group_1
+ title:
+ type: string
+ example: Always firing
+ uid:
+ type: string
+ example: string
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ annotations:
+ type: object
+ properties:
+ runbook_url:
+ type: string
+ example: https://supercoolrunbook.com/page/13
+ condition:
+ type: string
+ example: A
+ data:
+ type: array
+ items:
+ type: object
+ properties:
+ datasourceUid:
+ type: string
+ example: -100
+ model:
+ type: object
+ properties:
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ type:
+ type: string
+ example: gt
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ example: and
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ example: avg
+ type:
+ type: string
+ example: query
+ datasource:
+ type: object
+ properties:
+ type:
+ type: string
+ example: __expr__
+ uid:
+ type: string
+ example: __expr__
+ expression:
+ type: string
+ example: 1 == 1
+ hide:
+ type: boolean
+ intervalMs:
+ type: integer
+ format: int32
+ example: 1000
+ maxDataPoints:
+ type: integer
+ format: int32
+ example: 43200
+ refId:
+ type: string
+ example: A
+ type:
+ type: string
+ example: math
+ queryType:
+ type: string
+ example:
+ refId:
+ type: string
+ example: A
+ relativeTimeRange:
+ type: object
+ properties:
+ from:
+ type: integer
+ format: int32
+ example: 0
+ to:
+ type: integer
+ format: int32
+ example: 0
+ execErrState:
+ type: string
+ example: Alerting
+ folderUID:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: project_x
+ for:
+ type: integer
+ format: int32
+ example: 0
+ id:
+ type: integer
+ format: int32
+ example: 0
+ labels:
+ type: object
+ properties:
+ team:
+ type: string
+ example: sre-team-1
+ noDataState:
+ type: string
+ example: Alerting
+ orgID:
+ type: integer
+ format: int32
+ example: 0
+ provenance:
+ type: string
+ example: string
+ ruleGroup:
+ type: string
+ example: eval_group_1
+ title:
+ type: string
+ example: Always firing
+ uid:
+ type: string
+ example: string
+ updated:
+ type: string
+ example: 2022-08-16T14:04:25.062Z
+
+ delete:
+ operationId: deleteAlertRulesByUID
+ summary: Delete alert rule by UID
+ description: >-
+ Deletes the annotation that matches the specified id.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: path
+ name: UID
+ type: string
+ schema:
+ description: >-
+ Alert rule UID.
+
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ description: Confirmation message.
+ example: Annotation deleted
+
+
+
+
+
+
+ /v1/grafana/api/annotations/:
+ get:
+ operationId: getAnnotations
+ summary: Find annotations
+ description: >-
+ Searches for annotations in the Grafana database.
+ tags:
+ - Grafana annotations
+ parameters:
+
+ - in: query
+ name: from
+ type: integer
+ schema:
+ description: >-
+ Epoch datetime in milliseconds. Optional.
+ - in: query
+ name: to
+ type: integer
+ schema:
+ description: >-
+ Epoch datetime in milliseconds. Optional.
+ - in: query
+ name: limit
+ type: integer
+ schema:
+ description: >-
+ Optional - default is 100. Max limit for results returned.
+ - in: query
+ name: alertId
+ type: integer
+ schema:
+ description: >-
+ Optional. Find annotations for a specified alert.
+ - in: query
+ name: dashboardId
+ type: integer
+ schema:
+ description: >-
+ Optional. Find annotations that are scoped to a specific dashboard
+ - in: query
+ name: panelId
+ type: integer
+ schema:
+ description: >-
+ Optional. Find annotations that are scoped to a specific panel
+ - in: query
+ name: userId
+ type: integer
+ schema:
+ description: >-
+ Optional. Find annotations created by a specific user
+ - in: query
+ name: type
+ type: string
+ schema:
+ description: >-
+ Optional. Return alerts or user created annotations
+ - in: query
+ name: tags
+ type: string
+ schema:
+ description: >-
+ Optional. Use this to filter global annotations. Global annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. To do an “AND” filtering with multiple tags, specify the tags parameter multiple times e.g. tags=tag1&tags=tag2.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/annotations?from=1506676478816&to=1507281278816&tags=tag1&tags=tag2&limit=100 \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 1
+ dashboardId:
+ type: integer
+ description: Dashboard ID.
+ example: 1
+ dashboardUId:
+ type: string
+ description: Dashboard UID.
+ example: "ABcdEFghij"
+ dashboardSlug:
+ type: string
+ description: Dashboard slug.
+ example: "sensors"
+ panelId:
+ type: integer
+ description: Panel ID.
+ example: 1
+ name:
+ type: string
+ description: Dashboard name.
+ example: "fire place sensor"
+ state:
+ type: string
+ description: Dashboard state.
+ example: "alerting"
+ newStateDate:
+ type: string
+ description: Date of the new state.
+ example: "2018-05-14T05:55:20+02:00"
+ evalDate:
+ type: string
+ description: Evaluation date.
+ example: "0001-01-01T00:00:00Z"
+ evalData:
+ type: array
+ description: Evaluation data.
+ items:
+ type: string
+ executionError:
+ type: string
+ description: Execution error, if present
+ example: ""
+ url:
+ type: string
+ description: Dashboard url.
+ example: "http://grafana.com/dashboard/db/sensors"
+ post:
+ operationId: createAnnotations
+ summary: Create annotations
+ description: >-
+ Creates an annotation in the Grafana database.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ dashboardId:
+ type: integer
+ description: Id of the dashboard. The dashboardId and panelId fields are optional. If they are not specified then a global annotation is created and can be queried in any dashboard that adds the Grafana annotations data source.
+ panelId:
+ type: integer
+ description: Id of the panel. The dashboardId and panelId fields are optional. If they are not specified then a global annotation is created and can be queried in any dashboard that adds the Grafana annotations data source.
+ time:
+ type: integer
+ description: Epoch time in milliseconds.
+ timeEnd:
+ type: integer
+ description: Epoch time in milliseconds.
+ tags:
+ type: array
+ description: Annotation tags.
+ items:
+ type: string
+ example: tag1
+ text:
+ type: string
+ description: Annotation Description.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl --compressed -X POST https://api.logz.io/v1/grafana/api/annotations/ \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "dashboardId":468,
+ "panelId":1,
+ "time":1507037197339,
+ "timeEnd":1507180805056,
+ "tags":["tag1","tag2"],
+ "text":"Annotation Description"
+ }'
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 1
+ message:
+ type: string
+ description: Confirmation message.
+ example: Annotation added
+
+ /v1/grafana/api/annotations/graphite:
+ post:
+ operationId: createAnnotationsGraphite
+ summary: Create annotations in Graphite format
+ description: >-
+ Creates an annotation in the Grafana database by using Graphite-compatible event format.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ what:
+ type: string
+ description: Graphite annotation.
+ example: Event - deploy
+ when:
+ type: integer
+ description: Epoch datetime of the annotation in milliseconds. Optional. If `when` is not specified then the current time will be used as annotation’s timestamp..
+ tags:
+ type: array
+ description: Annotation tags. Can also be in prior to Graphite 0.10.0 format (string with multiple tags being separated by a space).
+ example: ["deploy", "production"]
+ items:
+ type: string
+ data:
+ type: string
+ description: Annotation Description.
+ example: deploy of master branch happened at Wed Jul 6 22:34:41 UTC 2016
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl --compressed -X POST https://api.logz.io/v1/grafana/api/annotations/graphite \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "what": "Event - deploy",
+ "tags": ["deploy", "production"],
+ "when": 1467844481,
+ "data": "deploy of master branch happened at Wed Jul 6 22:34:41 UTC 2016"
+ }'
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 1
+ message:
+ type: string
+ description: Confirmation message.
+ example: Graphite annotation added
+
+ /v1/grafana/api/annotations/:id:
+ put:
+ operationId: updateAnnotations
+ summary: Update annotations
+ description: >-
+ Updates an annotation in the Grafana database.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: path
+ name: id
+ type: integer
+ schema:
+ description: >-
+ Id of the annotation.
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ time:
+ type: integer
+ description: Epoch time in milliseconds.
+ timeEnd:
+ type: integer
+ description: Epoch time in milliseconds.
+ example: Event - deploy
+ text:
+ type: string
+ description: Annotation Description.
+ tags:
+ type: attay
+ description: Tags.
+ example: ["tag3","tag4","tag5"]
+ items:
+ type: string
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X PUT https://api.logz.io/v1/grafana/api/annotations/1141 \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "time":1507037197339,
+ "timeEnd":1507180805056,
+ "text":"Annotation Description",
+ "tags":["tag3","tag4","tag5"]
+ }'
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ description: Confirmation message.
+ example: Annotation updated
+ patch:
+ operationId: patchAnnotations
+ summary: Patch annotations
+ description: >-
+ Updates one or more properties of an annotation that matches the specified id. This operation currently supports updating of the text, tags, time and timeEnd properties.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: path
+ name: id
+ type: integer
+ schema:
+ description: >-
+ Id of the annotation.
+ - in: body
+ name: body
+ schema:
+ type: object
+ properties:
+ text:
+ type: string
+ description: Annotation Description.
+ tags:
+ type: attay
+ description: Tags.
+ items:
+ type: string
+
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X PATCH https://api.logz.io/v1/grafana/api/annotations/1141 \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "text":"New Annotation Description",
+ "tags":["tag6","tag7","tag8"]
+ }'
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ description: Confirmation message.
+ example: Annotation patched
+
+ delete:
+ operationId: deleteAnnotations
+ summary: Delete annotation by id
+ description: >-
+ Deletes the annotation that matches the specified id.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: path
+ name: id
+ type: integer
+ schema:
+ description: >-
+ Id of the annotation.
+
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X DELETE https://api.logz.io/v1/grafana/api/annotations/1141 \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ description: Confirmation message.
+ example: Annotation deleted
+
+ /v1/grafana/api/annotations/tags:
+ get:
+ operationId: getAnnotationsTags
+ summary: Get event tags created in annotations
+ description: >-
+ Searches for event tags in annotations in the Grafana database.
+ tags:
+ - Grafana annotations
+ parameters:
+ - in: query
+ name: tag
+ type: string
+ schema:
+ description: >-
+ Tag. Optional.
+ - in: query
+ name: limit
+ type: integer
+ schema:
+ description: >-
+ Optional. A number, where the default is 100. Max limit for results returned.
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/annotations/tags?tag=out \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ result:
+ type: object
+ description: Query result.
+ properties:
+ tags:
+ type: object
+ description: Tags retrieved by the query.
+ properties:
+ tag:
+ type: string
+ description: Tag.
+ example: outage
+ count:
+ type: integer
+ description: Tags count.
+ example: 1
+
+
+
+
+
+ /v1/grafana/api/dashboards/db:
+ post:
+ operationId: createDashboard
+ summary: Create/update a dashboard
+ description: >-
+ Creates or updates a new dashboard or updates an existing dashboard.
+ tags:
+ - Grafana dashboards
+ parameters:
+ - in: body
+ type: object
+ schema:
+ properties:
+ dashboard:
+ type: object
+ description: The complete dashboard model, to create a new dashboard.
+ properties:
+ id:
+ type: integer
+ description: Nullable to create a new dashboard.
+ example: 1
+ uid:
+ type: integer
+ description: Optional unique identifier when creating a dashboard. will generate a new uid.
+ example: 1
+ panels:
+ type: array
+ items:
+ type: object
+ properties:
+ alert:
+ type: object
+ properties:
+ alertRuleTags:
+ type: object
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ evaluator:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: integer
+ format: int32
+ type:
+ type: string
+ operator:
+ type: object
+ properties:
+ type:
+ type: string
+ query:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type: string
+ reducer:
+ type: object
+ properties:
+ params:
+ type: array
+ items:
+ type:
+ type: string
+ type:
+ type: string
+ executionErrorState:
+ type: string
+ for:
+ type: string
+ frequency:
+ type: string
+ handler:
+ type: integer
+ format: int32
+ name:
+ type: string
+ noDataState:
+ type: string
+ notifications:
+ type: array
+ items:
+ aliasColors:
+ type: object
+ properties:
+ bars:
+ type: boolean
+ dashLength:
+ type: integer
+ format: int32
+ dashes:
+ type: boolean
+ datasource:
+ type: string
+ format: nullable
+ fieldConfig:
+ type: object
+ properties:
+ defaults:
+ type: object
+ properties:
+ custom:
+ type: object
+ properties:
+ overrides:
+ type: array
+ items:
+ fill:
+ type: integer
+ format: int32
+ fillGradient:
+ type: integer
+ format: int32
+ gridPos:
+ type: object
+ properties:
+ h:
+ type: integer
+ format: int32
+ w:
+ type: integer
+ format: int32
+ x:
+ type: integer
+ format: int32
+ y:
+ type: integer
+ format: int32
+ hiddenSeries:
+ type: boolean
+ id:
+ type: integer
+ format: int32
+ legend:
+ type: object
+ properties:
+ avg:
+ type: boolean
+ current:
+ type: boolean
+ max:
+ type: boolean
+ min:
+ type: boolean
+ show:
+ type: boolean
+ total:
+ type: boolean
+ values:
+ type: boolean
+ lines:
+ type: boolean
+ linewidth:
+ type: integer
+ format: int32
+ nullPointMode:
+ type: string
+ options:
+ type: object
+ properties:
+ dataLinks:
+ type: array
+ items:
+ percentage:
+ type: boolean
+ pointradius:
+ type: integer
+ format: int32
+ points:
+ type: boolean
+ renderer:
+ type: string
+ seriesOverrides:
+ type: array
+ items:
+ spaceLength:
+ type: integer
+ format: int32
+ stack:
+ type: boolean
+ steppedLine:
+ type: boolean
+ targets:
+ type: array
+ items:
+ type: object
+ properties:
+ refId:
+ type: string
+ scenarioId:
+ type: string
+ thresholds:
+ type: array
+ items:
+ type: object
+ properties:
+ colorMode:
+ type: string
+ fill:
+ type: boolean
+ line:
+ type: boolean
+ op:
+ type: string
+ value:
+ type: integer
+ format: int32
+ timeFrom:
+ type: string
+ format: nullable
+ timeRegions:
+ type: array
+ items:
+ timeShift:
+ type: string
+ format: nullable
+ title:
+ type: string
+ tooltip:
+ type: object
+ properties:
+ shared:
+ type: boolean
+ sort:
+ type: integer
+ format: int32
+ value_type:
+ type: string
+ type:
+ type: string
+ xaxis:
+ type: object
+ properties:
+ buckets:
+ type: string
+ format: nullable
+ mode:
+ type: string
+ name:
+ type: string
+ format: nullable
+ show:
+ type: boolean
+ values:
+ type: array
+ items:
+ yaxes:
+ type: array
+ items:
+ type: object
+ properties:
+ format:
+ type: string
+ label:
+ type: string
+ format: nullable
+ logBase:
+ type: integer
+ format: int32
+ max:
+ type: string
+ format: nullable
+ min:
+ type: string
+ format: nullable
+ show:
+ type: boolean
+ yaxis:
+ type: object
+ properties:
+ align:
+ type: boolean
+ alignLevel:
+ type: string
+ format: nullable
+
+ title:
+ type: string
+ example: Production Overview
+ tags:
+ type: array
+ items:
+ type: string
+ example: tag3
+ timezone:
+ type: string
+ example: browser
+ schemaVersion:
+ type: integer
+ example: 1
+ version:
+ type: integer
+ example: 0
+ refresh:
+ type: string
+ description: Set the dashboard refresh interval. If this is lower than the minimum refresh interval, then Grafana will ignore it and will enforce the minimum refresh interval.
+ example: 25s
+ folderId:
+ type: integer
+ description: The id of the folder to save the dashboard in.
+ example: 1
+ folderUid:
+ type: string
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ example: l3KqBxCMz
+ message:
+ type: string
+ description: Set a commit message for the version history.
+ example: Made changes to xyz
+ overwrite:
+ description: Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
+ type: boolean
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X PATCH https://api.logz.io/v1/grafana/api/dashboards/db \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "dashboard": {
+ "id": null,
+ "uid": null,
+ "title": "Production Overview",
+ "tags": [ "templated" ],
+ "timezone": "browser",
+ "schemaVersion": 16,
+ "version": 0,
+ "refresh": "25s"
+ },
+ "folderId": 0,
+ "folderUid": "l3KqBxCMz",
+ "message": "Made changes to xyz",
+ "overwrite": false
+ }'
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ example: 1
+ description: ID.
+ uid:
+ type: string
+ example: cIBgcSjkk
+ description: UID.
+ url:
+ type: string
+ example: /d/cIBgcSjkk/production-overview
+ description: URL.
+ status:
+ type: string
+ example: success
+ description: Request status.
+ version:
+ type: integer
+ example: 1
+ description: Dashboard version.
+ slug:
+ type: string
+ example: production-overview
+ description: Dashboard slug.
+ 412:
+ description: failed
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: The dashboard has been changed by someone else
+ description: Error message.
+ status:
+ type: string
+ example: version-mismatch
+ description: Error status.
+
+ /v1/grafana/api/dashboards/uid/:uid:
+ get:
+ operationId: getDashboarById
+ summary: Get dashboard by uid
+ description: >-
+ Will return the dashboard given the dashboard unique identifier (uid). Information about the unique identifier of a folder containing the requested dashboard might be found in the metadata.
+ tags:
+ - Grafana dashboards
+ parameters:
+ - in: path
+ name: uid
+ type: string
+ schema:
+ description: >-
+ Dashboard UID.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/dashboards/uid/cIBgcSjkk \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "dashboard": {
+ "id": 1,
+ "uid": "cIBgcSjkk",
+ "title": "Production Overview",
+ "tags": [ "templated" ],
+ "timezone": "browser",
+ "schemaVersion": 16,
+ "version": 0
+ },
+ "meta": {
+ "isStarred": false,
+ "url": "/d/cIBgcSjkk/production-overview",
+ "folderId": 2,
+ "folderUid": "l3KqBxCMz",
+ "slug": "production-overview" //deprecated in Grafana v5.0
+ }
+ }'
+ responses:
+ 200:
+ description: success
+ schema:
+ type: object
+ properties:
+ dashboard:
+ type: object
+ description: The complete dashboard model, `id = null ` to create a new dashboard.
+ properties:
+ id:
+ type: integer
+ description: Set `id = null` to create a new dashboard.
+ example: 1
+ uid:
+ type: integer
+ description: Optional unique identifier when creating a dashboard, `id = null` will generate a new uid.
+ example: 1
+ title:
+ type: string
+ example: Production Overview
+ description: Dashboard title.
+ tags:
+ type: array
+ description: Dashboard tags.
+ items:
+ type: string
+ example: tag3
+ timezone:
+ type: string
+ description: Timezone.
+ example: browser
+ schemaVersion:
+ type: integer
+ description: Schema version.
+ example: 1
+ version:
+ type: integer
+ description: Dashboard version.
+ example: 0
+ meta:
+ type: object
+ description: Information about the unique identifier of a folder containing the requested dashboard.
+ properties:
+ isStarred:
+ type: boolean
+ example: true
+ description: Whether the dashboard is starred.
+ url:
+ type: string
+ example: /d/cIBgcSjkk/production-overview
+ description: Dashboard url.
+ folderId:
+ type: integer
+ example: 2
+ description: Dashboard folder id.
+ folderUid:
+ type: string
+ example: l3KqBxCMz
+ description: The unique identifier (uid) of a folder to search in for dashboards. You cannot use `General` folder or the folder generated by logz.io - `Logz.io Dashboards` - to place your alerts.
+ slug:
+ type: string
+ example: production-overview
+ description: Dashboard slug.
+ delete:
+ operationId: deleteDashboarById
+ summary: Delete dashboard by uid
+ description: >-
+ Will delete the dashboard given the specified unique identifier (uid).
+ tags:
+ - Grafana dashboards
+ parameters:
+ - in: path
+ name: uid
+ type: string
+ schema:
+ description: >-
+ Dashboard UID.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X DELETE https://api.logz.io/v1/grafana/api/dashboards/uid/cIBgcSjkk \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "title": "Production Overview",
+ "message": "Dashboard Production Overview deleted",
+ "id": 2
+ }'
+ responses:
+ 200:
+ description: success
+ schema:
+ type: object
+ properties:
+ title:
+ type: object
+ example: Production Overview
+ description: Dashboard title.
+ message:
+ type: object
+ description: Response message.
+ id:
+ type: integer
+ example: 2
+ description: Dashboard id.
+
+ /v1/grafana/api/dashboards/home:
+ get:
+ operationId: getHomeDashboard
+ summary: Get home dashboard
+ description: >-
+ Will return the home dashboard.
+ tags:
+ - Grafana dashboards
+ responses:
+ 200:
+ description: success
+ schema:
+ type: object
+ properties:
+ dashboard:
+ type: object
+ description: The complete dashboard model, `id = null` to create a new dashboard.
+ properties:
+ editable:
+ type: boolean
+ example: false
+ hideControls:
+ type: integer
+ example: false
+ nav:
+ type: object
+ properties:
+ enable:
+ type: boolean
+ example: false
+ type:
+ type: string
+ example: timepicker
+ style:
+ type: string
+ example: dark
+ tags:
+ type: object
+ properties:
+ tag:
+ type: string
+ example: outage
+ templating:
+ type: object
+ properties:
+ list:
+ type: array
+ items:
+ type: string
+ time:
+ type: object
+ timezone:
+ type: string
+ example: browser
+ title:
+ type: string
+ example: Home
+ version:
+ type: integer
+ example: 2
+ meta:
+ type: object
+ description: The complete dashboard model, `id = null` to create a new dashboard.
+ properties:
+ isHome:
+ type: boolean
+ example: true
+ canSave:
+ type: boolean
+ example: false
+ canEdit:
+ type: boolean
+ example: false
+ canStar:
+ type: boolean
+ example: false
+ url:
+ type: string
+ example: url
+ expires:
+ type: string
+ example: 0001-01-01T00:00:00Z
+ created:
+ type: string
+ example: 0001-01-01T00:00:00Z
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/dashboards/home \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+ /v1/grafana/api/dashboards/tags:
+ get:
+ operationId: getDashboardTags
+ summary: Get all tags of dashboards
+ description: >-
+ Will return all tags for all dashboard.
+ tags:
+ - Grafana dashboards
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/dashboards/tags \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ responses:
+ 200:
+ description: success
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ term:
+ type: string
+ description: Tag term.
+ example: tag1
+ count:
+ type: string
+ description: Tag count.
+ example: count1
+
+
+ /v1/grafana/api/dashboards/id/:dashboardId/versions:
+ get:
+ operationId: getAllDashboardVersions
+ summary: Get all dashboard versions
+ description: >-
+ Gets all existing dashboard versions for the dashboard with the given dashboardId.
+ tags:
+ - Grafana dashboards
+ parameters:
+ - in: path
+ name: dashboardId
+ type: integer
+ schema:
+ description: >-
+ Dashboard ID.
+ - in: query
+ name: limit
+ type: integer
+ schema:
+ description: >-
+ Maximum number of results to return.
+ - in: query
+ name: start
+ type: integer
+ schema:
+ description: >-
+ Version to start from when returning queries.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/dashboards/id/1/versions?limit=2?start=0 \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ responses:
+ 200:
+ description: success
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 1
+ dashboardId:
+ type: integer
+ description: Dashboard ID.
+ example: 2
+ parentVersion:
+ type: integer
+ description: Dashboard parent version.
+ example: 0
+ restoredFrom:
+ type: integer
+ description: Restored from.
+ example: 0
+ version:
+ type: integer
+ description: Version.
+ example: 2
+ created:
+ type: integer
+ description: Date created.
+ example: 2017-06-08T17:24:33-04:00"
+ createdBy:
+ type: string
+ description: Created by.
+ example: admin
+ message:
+ type: string
+ description: Message.
+ example: Initial save
+
+ /v1/grafana/api/dashboards/id/:dashboardId/versions/:id:
+ get:
+ operationId: getDashboardVersion
+ summary: Get dashboard version
+ description: >-
+ Get the dashboard version with the given id, for the dashboard with the given id.
+ parameters:
+ - in: path
+ name: dashboardId
+ type: integer
+ schema:
+ description: >-
+ Dashboard ID.
+ - in: path
+ name: id
+ type: integer
+ schema:
+ description: >-
+ Version ID.
+ tags:
+ - Grafana dashboards
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/dashboards/id/1/versions/1 \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+ responses:
+ 200:
+ description: success
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 1
+ dashboardId:
+ type: integer
+ description: Dashboard ID.
+ example: 1
+ parentVersion:
+ type: integer
+ description: Parent version.
+ example: 0
+ restoredFrom:
+ type: integer
+ description: Restored from.
+ example: 0
+ version:
+ type: integer
+ description: Version.
+ example: 1
+ created:
+ type: string
+ description: Creation date.
+ example: 2017-04-26T17:18:38-04:00
+ message:
+ type: string
+ description: Message.
+ example: Initial save
+ data:
+ type: object
+ description: Data.
+ properties:
+ annotations:
+ type: object
+ description: Annotations.
+ properties:
+ list:
+ type: array
+ items:
+ editable:
+ type: boolean
+ description: Whether the data is editable.
+ gnetId:
+ type: string
+ description: Gnet Id.
+ graphTooltip:
+ type: integer
+ description: Graph tooltip.
+ example: 0
+ hideControls:
+ type: boolean
+ description: Whether to hide controls.
+ id:
+ type: integer
+ description: ID.
+ example: 1
+ links:
+ type: array
+ description: Links.
+ items:
+ rows:
+ type: array
+ description: Rows.
+ items:
+ type: object
+ description: Items.
+ properties:
+ collapse:
+ type: boolean
+ description: Whether to collapse items.
+ height:
+ type: string
+ description: Height.
+ example: 250px
+ panels:
+ type: array
+ description: Panels.
+ items:
+ repeat:
+ type: string
+ description: Repeat.
+
+ repeatIteration:
+ type: string
+ description: Repeat iteration.
+
+ repeatRowId:
+ type: string
+ description: Repeat row id.
+
+ showTitle:
+ type: boolean
+ description: Whether to show title.
+ title:
+ type: string
+ example: "Dashboard Row"
+ description: Title.
+ titleSize:
+ type: string
+ example: "h6"
+ description: Title size.
+ schemaVersion:
+ type: integer
+ example: "14"
+ description: Schema version.
+ style:
+ type: string
+ example: "dark"
+ description: Style.
+ tags:
+ type: array
+ items:
+ description: Tags.
+ templating:
+ type: object
+ description: Templating.
+ properties:
+ list:
+ type: array
+ items:
+ time:
+ type: object
+ description: Time.
+ properties:
+ from:
+ type: string
+ description: From.
+ example: "now-6h"
+ to:
+ type: string
+ description: To.
+ example: now
+ timepicker:
+ type: object
+ description: Time picker.
+ properties:
+ refresh_intervals:
+ type: array
+ description: Refresh intervals.
+ items:
+ type: string
+ example: "5s"
+ time_options:
+ type: array
+ description: Time options.
+ items:
+ type: string
+ example: "5m"
+ timezone:
+ type: string
+ description: Time zone.
+ example: browser
+ title:
+ type: string
+ description: Title.
+ example: test
+ version:
+ type: integer
+ description: Version.
+ example: 1
+ createdBy:
+ type: string
+ description: Created by.
+ example: "admin"
+
+
+
+ /v1/grafana/api/dashboards/id/:dashboardId/restore:
+ post:
+ operationId: restoreDashboard
+ summary: Restore a dashboard
+ description: >-
+ Restores a dashboard to a given dashboard version.
+ tags:
+ - Grafana dashboards
+ parameters:
+ - in: body
+ type: object
+ schema:
+ properties:
+ version:
+ type: integer
+ description: Dashboard version.
+ - in: path
+ name: dashboardId
+ type: integer
+ schema:
+ description: >-
+ Dashboard ID.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl --compressed -X POST https://api.logz.io/v1/grafana/api/dashboards/id/1/restore \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "version": 1
+ }'
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ slug:
+ type: string
+ description: Dashboard slug.
+ example: production-overview
+ status:
+ type: string
+ description: Dashboard status.
+ example: success
+ version:
+ type: integer
+ description: Dashboard version.
+ example: 1
+
+ /v1/grafana/api/dashboards/calculate-diff:
+ post:
+ operationId: compareDashboard
+ summary: Compare dashboards
+ description: >-
+ Compares two dashboard versions by calculating the JSON diff of them.
+ tags:
+ - Grafana dashboards
+ parameters:
+ - in: body
+ type: object
+ schema:
+ properties:
+ base:
+ type: object
+ description: Object representing the base dashboard version.
+ properties:
+ dashboardId:
+ type: integer
+ example: 1
+ version:
+ type: integer
+ example: 1
+ new:
+ type: object
+ description: Object representing the new dashboard version
+ properties:
+ dashboardId:
+ type: integer
+ example: 1
+ version:
+ type: integer
+ example: 1
+ diffType:
+ type: string
+ description: the type of diff to return. Can be “json” or “basic”.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST https://api.logz.io/v1/grafana/api/dashboards/calculate-diff \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+
+ "base": {
+ "dashboardId": 1,
+ "version": 1
+ },
+ "new": {
+ "dashboardId": 1,
+ "version": 2
+ },
+ "diffType": "json"
+
+ }'
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+
+ /v1/grafana/api/search/:
+ get:
+ operationId: searchDashboard
+ summary: Search folders and dashboards
+ description: >-
+ Search folders and dashboards.
+ tags:
+ - Grafana dashboard search
+ parameters:
+ - in: query
+ name: query
+ type: string
+ schema:
+ description: >-
+ Search query.
+ - in: query
+ name: tag
+ type: string
+ schema:
+ description: >-
+ List of tags to search for.
+ - in: query
+ name: type
+ type: string
+ schema:
+ description: >-
+ Type to search for, dash-folder or dash-db.
+ - in: query
+ name: dashboardIds
+ type: integer
+ schema:
+ description: >-
+ List of dashboard id’s to search for.
+ - in: query
+ name: folderIds
+ type: integer
+ schema:
+ description: >-
+ List of folder id’s to search in for dashboards.
+ - in: query
+ name: starred
+ type: boolean
+ schema:
+ description: >-
+ Flag indicating if only starred Dashboards should be returned.
+ - in: query
+ name: limit
+ type: integer
+ schema:
+ description: >-
+ Limit the number of returned results (max 5000).
+ - in: query
+ name: page
+ type: integer
+ schema:
+ description: >-
+ Use this parameter to access hits beyond limit. Numbering starts at 1. limit param acts as page size. Only available in Grafana v6.2+.
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/search?query=Production%20Overview&starred=true&tag=prod \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 163
+ uid:
+ type: string
+ description: UID.
+ example: "000000163"
+ title:
+ type: string
+ description: Title.
+ example: "Folder"
+ url:
+ type: string
+ description: URL.
+ example: "/dashboards/f/000000163/folder"
+ type:
+ type: string
+ description: Type.
+ example: "dash-folder"
+ tags:
+ type: array
+ description: Tags.
+ isStarred:
+ type: boolean
+ description: Whether the dashboard is starred.
+ uri:
+ type: string
+ description: URI.
+ example: "db/folder"
+
+
+ /v1/grafana/api/snapshots/:
+ post:
+ operationId: postGrafanaSnapshot
+ summary: Create a snapshot
+ description: >-
+ Creates a snapshot.
+ tags:
+ - Grafana snapshots
+ parameters:
+ - in: body
+ type: object
+ schema:
+ properties:
+ dashboard:
+ type: object
+ required: true
+ description: The complete dashboard model.
+ name:
+ type: string
+ description: Snapshot name.
+ expires:
+ type: integer
+ description: >-
+ When the snapshot should expire in seconds. 3600 is 1 hour, 86400 is 1 day. Default is never to expire.
+ external:
+ type: boolean
+ description: >-
+ Save the snapshot on an external server rather than locally. Default is false.
+ key:
+ type: string
+ description: >-
+ Define the unique key. Required if external is true.
+ deleteKey:
+ type: string
+ description: >-
+ Unique key used to delete the snapshot. It is different from the key so that only the creator can delete the snapshot. Required if external is true.
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST https://api.logz.io/v1/grafana/api/dashboards/calculate-diff \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+
+ "dashboard": {
+ "editable":false,
+ "hideControls":true,
+ "nav":[
+ {
+ "enable":false,
+ "type":"timepicker"
+ }
+ ],
+ "rows": [
+ {
+
+ }
+ ],
+ "style":"dark",
+ "tags":[],
+ "templating":{
+ "list":[
+ ]
+ },
+ "time":{
+ },
+ "timezone":"browser",
+ "title":"Home",
+ "version":5
+ },
+ "expires": 3600
+
+ }'
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ deleteKey:
+ type: string
+ description: Unique key used to delete the snapshot. It is different from the `key` so that only the creator can delete the snapshot. Required if external is `true`.
+ example: XXXXXXX
+ deleteUrl:
+ type: string
+ description: Delete url.
+ example: myurl/api/snapshots-delete/XXXXXXX
+ key:
+ type: string
+ description: Unique key.
+ example: YYYYYYY
+ url:
+ type: string
+ description: URL.
+ example: myurl/dashboard/snapshot/YYYYYYY
+ id:
+ type: integer
+ description: ID.
+ example: 1
+
+ get:
+ operationId: getGrafanaSnapshot
+ summary: Get list of Snapshots
+ description: >-
+ Get list of Snapshots.
+ tags:
+ - Grafana snapshots
+ parameters:
+ - in: query
+ name: query
+ type: string
+ schema:
+ description: >-
+ Search query.
+ - in: query
+ name: limit
+ type: integer
+ schema:
+ description: >-
+ Limit the number of returned results.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/dashboards/snapshots \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+
+
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID.
+ example: 8
+ name:
+ type: string
+ description: Snapshot name.
+ example: Home
+ key:
+ type: string
+ description: Snapshot key.
+ example: YYYYYYY
+ orgId:
+ type: integer
+ description: Snapshot orgId.
+ example: 1
+ userId:
+ type: integer
+ description: Snapshot user ID.
+ example: 1
+ external:
+ type: boolean
+ description: Whether the snapshot is external.
+ externalUrl:
+ type: string
+ description: Snapshot external url.
+ expires:
+ type: string
+ description: Snapshot expiry date.
+ example: 2200-13-32T25:23:23+02:00
+ created:
+ type: string
+ description: Snapshot creation date.
+ example: 2200-13-32T28:24:23+02:00
+ updated:
+ type: string
+ description: Snapshot update date.
+ example: 2200-13-32T28:24:23+02:00
+
+ /v1/grafana/api/snapshots/:key/:
+ get:
+ operationId: getGrafanaSnapshotbyKey
+ summary: Get Snapshot by Key
+ description: >-
+ Gets Snapshot by Key.
+ tags:
+ - Grafana snapshots
+ parameters:
+ - in: path
+ name: key
+ type: string
+ required: true
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X GET https://api.logz.io/v1/grafana/api/snapshots/YYYYYYY \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ meta:
+ type: object
+ properties:
+ isSnapshot:
+ type: boolean
+ type:
+ type: string
+ example: snapshot
+ canSave:
+ type: boolean
+ canEdit:
+ type: boolean
+ canStar:
+ type: boolean
+ slug:
+ type: string
+ example:
+ expires:
+ type: string
+ example: 2200-13-32T25:23:23+02:00
+ created:
+ type: string
+ example: 2200-13-32T28:24:23+02:00
+ dashboard:
+ type: object
+ description: Dashboard.
+ properties:
+ editable:
+ type: boolean
+ description: Whether the dashboard is editable.
+ hideControls:
+ type: boolean
+ description: Whether to hide controls.
+ nav:
+ type: array
+ description: Nav.
+ items:
+ type: object
+ properties:
+ enable:
+ type: boolean
+ description: Nav enabled or not.
+ type:
+ type: string
+ description: Nav type.
+ example: timepicker
+ rows:
+ type: array
+ description: Rows.
+ items:
+ type: object
+ properties:
+ style:
+ type: string
+ description: Style.
+ example: dark
+ tags:
+ type: array
+ description: Tags.
+ items:
+ templating:
+ type: object
+ description: Templating.
+ properties:
+ list:
+ description: List.
+ type: array
+ items:
+ time:
+ type: object
+ description: Time.
+ properties:
+ timezone:
+ type: string
+ description: Time zone.
+ example: browser
+ title:
+ type: string
+ description: Title.
+ example: Home
+ version:
+ type: integer
+ description: Dashboard version.
+ example: 5
+
+ delete:
+ operationId: deleteGrafanaSnapshotbyKey
+ summary: Delete Snapshot by Key
+ description: >-
+ Deletes snapshot by Key.
+ tags:
+ - Grafana snapshots
+ parameters:
+ - in: path
+ name: key
+ type: string
+ required: true
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X DELETE https://api.logz.io/v1/grafana/api/snapshots/YYYYYYY \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ description: Message.
+ example: Snapshot deleted. It might take an hour before it's cleared from any CDN caches.
+ id:
+ type: integer
+ description: ID.
+ example: 1
+
+ /v1/grafana/api/snapshots-delete/:deleteKey:
+ get:
+ operationId: deleteGrafanaSnapshotbyDeleteKey
+ summary: Delete snapshot by deleteKey
+ description: >-
+ Delete snapshot by deleteKey.
+ tags:
+ - Grafana snapshots
+ parameters:
+ - in: path
+ name: deleteKey
+ type: string
+ required: true
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X DELETE https://api.logz.io/v1/grafana/api/snapshots-delete/XXXXXX \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ description: Message.
+ example: Snapshot deleted. It might take an hour before it's cleared from any CDN caches.
+ id:
+ type: integer
+ description: ID.
+ example: 1
+
+
+ /v1/osd/saved-objects/{object-type}/{object-id}:
+ delete:
+ summary: Remove a saved object
+ tags:
+ - Delete object API
+ parameters:
+ - in: path
+ name: object-type
+ required: true
+ type: string
+ description: The type of the saved object to remove. Valid options are "search", "visualization", and "dashboard".
+ example: visualization
+ - in: path
+ name: object-id
+ required: true
+ type: string
+ description: The ID of the saved object to remove.
+ example: 7adfa750-4c81-11e8-b3d7-01146121b73d
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X DELETE https://api.logz.io/v1/osd/saved-objects/visualization/7adfa750-4c81-11e8-b3d7-01146121b73d \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ responses:
+ 200:
+ description: Indicates a successful call.
+
+
+
+
+
+
+ # ::::: ACCOUNTS
+
+ /v1/account-management/metrics-accounts:
+ post:
+ summary: Create a new metrics account
+ consumes:
+ - application/json
+ tags:
+ - Manage metrics account
+ parameters:
+ - in: body
+ name: MetricsAccountV1Request
+ required: true
+ schema:
+ type: object
+ required:
+ - email
+ properties:
+ email:
+ type: string
+ description: Email address of the account owner
+ example: ^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,})$
+ accountName:
+ type: string
+ description: Name of metrics account to be created. If empty, the default name `_metrics` is used.
+ planUts:
+ type: integer
+ description: Usage plan for Unique Time Series (UTS). UTS defines the number of unique time series an account is allowed to have. If usage exceeds the plan, exceeding data points will not be processed.
+ authorizedAccountsIds:
+ type: array
+ description: IDs of authorized accounts
+ items:
+ type: integer
+ description: IDs of authorized accounts
+ responses:
+ 201:
+ description: Created
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID of the created metrics account
+ accountName:
+ type: string
+ description: Name of metrics account.
+ token:
+ type: string
+ description: Metrics account token
+ createdAt:
+ type: string
+ format: date-time
+ description: Timestamp of account creation
+ planUts:
+ type: integer
+ description: Usage plan for Unique Time Series (UTS). UTS defines the number of unique time series an account is allowed to have. If usage exceeds the plan, exceeding data points will not be processed.
+ authorizedAccountsIds:
+ type: array
+ description: IDs of authorized accounts
+ items:
+ type: integer
+
+ get:
+ summary: Get a list of all metrics accounts
+ produces:
+ - application/json
+ tags:
+ - Manage metrics account
+ responses:
+ 200:
+ description: OK
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID of the metrics account
+ accountName:
+ type: string
+ description: Name of metrics account.
+ token:
+ type: string
+ description: Metrics account token
+ createdAt:
+ type: string
+ format: date-time
+ description: Timestamp of account creation
+ planUts:
+ type: integer
+ description: Usage plan for Unique Time Series (UTS). UTS defines the number of unique time series an account is allowed to have. If usage exceeds the plan, exceeding data points will not be processed.
+ authorizedAccountsIds:
+ type: array
+ description: IDs of authorized accounts
+ items:
+ type: integer
+
+
+ /v1/account-management/metrics-accounts/{metricsAccountId}:
+ put:
+ summary: Update a metrics account
+ consumes:
+ - application/json
+ tags:
+ - Manage metrics account
+ parameters:
+ - in: path
+ name: metricsAccountId
+ required: true
+ type: integer
+ - in: body
+ name: MetricsAccountV1Request
+ required: true
+ schema:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Name of metrics account.
+ planUts:
+ type: integer
+ description: Usage plan for Unique Time Series (UTS). UTS defines the number of unique time series an account is allowed to have. If usage exceeds the plan, exceeding data points will not be processed.
+ authorizedAccountsIds:
+ type: array
+ description: IDs of authorized accounts
+ items:
+ type: integer
+
+ responses:
+ 200:
+ description: OK
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID of the metrics account
+ accountName:
+ type: string
+ description: Name of metrics account.
+ token:
+ type: string
+ description: Metrics account token
+ createdAt:
+ type: string
+ format: date-time
+ description: Timestamp of account creation
+ planUts:
+ type: integer
+ description: Usage plan for Unique Time Series (UTS). UTS defines the number of unique time series an account is allowed to have. If usage exceeds the plan, exceeding data points will not be processed.
+ authorizedAccountsIds:
+ type: array
+ description: IDs of authorized accounts
+ items:
+ type: integer
+
+ delete:
+ summary: Delete a metrics account
+ tags:
+ - Manage metrics account
+ parameters:
+ - in: path
+ name: metricsAccountId
+ required: true
+ responses:
+ 200:
+ description: OK
+ get:
+ summary: Get a specific metrics account
+ produces:
+ - application/json
+ tags:
+ - Manage metrics account
+ parameters:
+ - in: path
+ name: metricsAccountId
+ required: true
+ responses:
+ 200:
+ description: OK
+ schema:
+ type: object
+ properties:
+ id:
+ type: integer
+ description: ID of the metrics account
+ accountName:
+ type: string
+ description: Name of metrics account.
+ token:
+ type: string
+ description: Metrics account token
+ createdAt:
+ type: string
+ format: date-time
+ description: Timestamp of account creation
+ planUts:
+ type: integer
+ description: Usage plan for Unique Time Series (UTS). UTS defines the number of unique time series an account is allowed to have. If usage exceeds the plan, exceeding data points will not be processed.
+ authorizedAccountsIds:
+ type: array
+ description: IDs of authorized accounts
+ items:
+ type: integer
+
+
+
+ /v2/whoami:
+ get:
+ summary: Retrieve account information
+ description: Returns the account name as a string and the account ID as an integer. Good for testing or for confirming that you’re using an API token from the right account.
+ tags:
+ - Who am I
+ operationId: whoAmI
+ produces:
+ - application/json
+ parameters:
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v2/whoami" -H "Content-Type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/WhoAmIV2Response'
+
+ /v1/authentication/groups:
+ get:
+ summary: Get authentication groups
+ description: Returns a list of all existing authentication groups
+ tags:
+ - Authentication groups
+ operationId: getAuthGroups
+ produces:
+ - application/json
+ parameters:
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "http://api.logz.io/v1/authentication/groups" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ group:
+ type: string
+ description: Group name
+ example: group
+ userRole:
+ type: string
+ description: User role
+ example: role
+
+ post:
+ summary: Create/update authentication groups
+ description: >-
+ Creates/updates existing authentication groups. To create or update groups, you need to send all these groups in the payload. With every update, all running user sessions will be terminated, so the users need to login again. To delete a group, you need to exclude this group from the payload that you send to update groups. With every deletion, all running user sessions will be terminated, so the users need to login again.
+
+
+ **Example 1.** Create groups called `group1` and `group2`. The payload will contain `[ { \"group\": \”group1\”, \"userRole\": \”USER_ROLE_READONLY\” }, { \"group\": \”group2\”, \"userRole\": \”USER_ROLE_ADMIN\” }]`. As a result, the two groups will be created with specified permissions.
+
+
+ **Example 2.** Update existing groups called `group1` and `group2`. The payload will contain `[ { \"group\": \”group1\”, \"userRole\": \”USER_ROLE_ADMIN” }, { \"group\": \”group2\”, \"userRole\": \”USER_ROLE_READONLY\” }]`. As a result, the two groups will be updated with specified permissions.
+
+
+ **Example 3.** Delete group called `group1` from the existing two groups: `group1` and `group2`. The payload will contain `[{ \"group\": \”group2\”, \"userRole\": \”USER_ROLE_READONLY\” }]`. As a result, `group1` will be deleted, as it is excluded from the payload.
+
+ tags:
+ - Authentication groups
+ operationId: setAuthGroups
+ parameters:
+ - in: body
+ name: body
+ required: true
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ group:
+ type: string
+ description: Group name
+ example: group
+ userRole:
+ type: string
+ description: User role
+ example: role
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "http://api.logz.io/v1/authentication/groups" -H "accept: application/json" -H "Content-Type: application/json" -d "[ { \"group\": \"string\", \"userRole\": \"USER_ROLE_READONLY\" }]" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ group:
+ type: string
+ description: Group name
+ example: group
+ userRole:
+ type: string
+ description: User role
+ example: role
+
+ /v1/account-management/time-based-accounts:
+ get:
+ summary: Retrieve settings for all accounts
+ description: >-
+
+ Returns account settings for the main account and all of its associated sub accounts.
+
+
+ * The list of accounts is returned as an array of JSON objects.
+
+ * Must be run with an API token from the main account.
+ tags:
+ - Manage time-based log accounts
+ operationId: getAll
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/TimeBasedAccount'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl --request GET --url "https://api.logz.io/v1/account-management/time-based-accounts" --header "X-API-TOKEN: "'
+ post:
+ summary: Create a sub account
+ description: >-
+ Creates a new logging sub account. Must be run with an API token from the main account.
+ tags:
+ - Manage time-based log accounts
+ operationId: createTimeBasedAccount
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/TimeBasedAccountCreateRequest'
+
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/TimeBasedAccountCreationResponse'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST \
+ "https://api.logz.io/v1/account-management/time-based-accounts" \
+ -H "accept: application/json" -H "content-type: application/json" \
+ -H "X-API-TOKEN: " \
+ -d '{
+ "email": "help@logz.io",
+ "accountName": "AWS Lambda svr 3",
+ "maxDailyGB": 5,
+ "reservedDailyGB": 3,
+ "isFlexible": true,
+ "retentionDays": 5,
+ "searchable": true,
+ "accessible": false,
+ "sharingObjectsAccounts": [
+ 48672,
+ 36259
+ ],
+ "docSizeSetting": true,
+ "utilizationSettings": {
+ "frequencyMinutes": 5,
+ "utilizationEnabled": true
+ }
+ }'
+
+
+ /v1/account-management/time-based-accounts/{id}:
+ get:
+ summary: Retrieve account settings by ID
+ description: Returns account configuration settings as a JSON object. Must be run with an API token from the main account.
+ tags:
+ - Manage time-based log accounts
+ operationId: get
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the account to retrieve
+ x-example: 99999
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/TimeBasedAccount'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/account-management/time-based-accounts/99999" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ put:
+ summary: Update an account
+ description: >-
+ Updates the account settings of a main account or sub account, with some exceptions, noted below:
+
+
+ * For the main account, the parameter `retentionDays` cannot be updated. It is determined by the plan you purchased.
+
+ * For the main account, if `isFlexible=false`, the parameters `maxDailyGB` and `reservedDailyGB` cannot be updated using this endpoint.
+
+ tags:
+ - Manage time-based log accounts
+ operationId: updateTimeBasedAccount
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the account to update
+ x-example: 99999
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/TimeBasedAccountUpdateRequest'
+
+ responses:
+ 204:
+ description: successful operation
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -X PUT \
+ "https://api.logz.io/v1/account-management/time-based-accounts/88888" \
+ -H "accept: application/json" -H "content-type: application/json" \
+ -H "X-API-TOKEN: " \
+ -d "{
+ \"accountName\": \"AWS Lambda svr 3\",
+ \"maxDailyGB\": 5,
+ "reservedDailyGB\": 3,
+ \"retentionDays\": 5,
+ \"searchable\": true,
+ \"accessible\": false,
+ \"sharingObjectsAccounts\": [
+ 55555
+ ],
+ \"docSizeSetting\": true,
+ \"utilizationSettings\": {
+ \"frequencyMinutes\": 5,
+ \"utilizationEnabled\": true
+ }
+ }"
+ delete:
+ summary: Delete a sub account
+ description: Deletes a sub account by its account ID. Must be run with an API token from the main account.
+ tags:
+ - Manage time-based log accounts
+ operationId: deleteTimeBasedAccount
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the account to be deleted.
+ x-example: 99999
+ responses:
+ 204:
+ description: successful operation
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X DELETE "https://api.logz.io/v1/account-management/time-based-accounts/88888" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ /v1/account-management/time-based-accounts/detailed:
+ get:
+ summary: Retrieve detailed information for all accounts
+ description: >-
+ Returns detailed account information for the main account and all of its associated sub accounts. Information includes usage and sharing permissions for Kibana objects.
+
+ * The list of accounts is returned as an array of JSON objects. Each sub account is its own object.
+
+ * Must be run with an API token from the main account.
+ tags:
+ - Manage time-based log accounts
+ operationId: getAllDetailedTimeBasedAccount
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/DetailedTimeBasedAccount'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/account-management/time-based-accounts/detailed" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ /v1/account-management/time-based-accounts/detailed/{id}:
+ get:
+ summary: Retrieve detailed account information by account ID
+ description: Returns detailed account information. Must be run with an API token from the main account.
+ tags:
+ - Manage time-based log accounts
+ operationId: getDetailedTimeBasedAccount
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the account to retrieve
+ x-example: 99999
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/DetailedTimeBasedAccount'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/account-management/time-based-accounts/detailed/99999" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+
+
+
+
+
+ # ::::: SEARCH, SCROLL
+ /v1/search:
+ post:
+ operationId: search
+ summary: Search logs
+ description: >-
+ Searches your account data using the [Elasticsearch Search API DSL](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search.html) query language.
+
+
+ **total:** This call returns up to 1,000 results per query for aggregated results, or 10,000 results for non-aggregated results.
+
+
+ **Note:** To ensure speed and availability of your logs, we restrict some options from the Elasticsearch defaults that could hamper system performance. Restrictions are described with their respective elements below.
+ tags:
+ - Search logs
+ parameters:
+ - in: query
+ name: dayOffset
+ type: integer
+ schema:
+ description: >-
+ Slide the 2-day search time range by _x_ days.
+ For example, if set to `5`, search returns results from 5 days ago and 4 days ago, UTC.
+
+ The `dayOffset` parameter will go back to the last index in the set value and send back the results of that index +1.
+
+
+ Maximum is your account's retention period.
+
+
+ If set to `0` or `1`, search returns default results (today and yesterday, UTC).
+ minimum: 0
+ - in: query
+ name: accountIds
+ type: integer
+ schema:
+ description: >-
+ ID of the sub account to search.
+ By default, only this account is searched.
+
+
+ A main account can search a sub account as long as it has the right permissions.
+ To give search permissions to the main account,
+ log in to the main account,
+ go to the [Manage accounts](https://app.logz.io/#/dashboard/settings/manage-accounts) page,
+ and select **Searchable from the main account** for the intended sub account.
+
+
+ To include multiple accounts, repeat this parameter for each account
+ (for example: `accountIds=500&accountIds=600`).
+
+
+ **Important**:
+ If you include an account without the right permissions,
+ the request will fail.
+
+
+ If you include this parameter, the current account won't be searched
+ unless you explicitly include it in the query.
+ - in: body
+ name: body
+ required: true
+ schema:
+ type: object
+ required:
+ - query
+ properties:
+ query:
+ type: object
+ description: >-
+ The query can take any of the parameters described in the [Elasticsearch Search API DSL documentation](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search.html) with the exceptions stated below.
+
+ #### Limitations
+
+ * When using `query_string`, `allow_leading_wildcard` must be set to `false`
+
+ * `wildcard` can't start with `*` or `?`
+
+ * Can't contain `fuzzy_max_expansions`, `max_expansions`, or `max_determinized_states`
+
+
+ #### Notes on the search time range
+
+ * By default, your query runs on data sent today and yesterday, UTC.
+ You can move this 2-calendar-day window by using the `dayOffset` query parameter.
+
+ * Searches without a `timestamp` filter will return the last 2 calendar days, UTC.
+ You can search other calendar days (up to 2 at a time) using a filter on the `timestamp`.
+
+ example: { "bool": { "must": [{ "range": { "@timestamp": { "gte": "now-5m", "lte": "now" } } }] } }
+ from:
+ type: integer
+ minimum: 0
+ default: 0
+ description: Of the results found, the first result to return.
+ example: 0
+ size:
+ type: integer
+ description: Number of results to return
+ default: 10
+ maximum: 10,000
+ example: 0
+ sort:
+ type: array
+ description: >-
+ #### Limitations
+
+ * Can't sort or aggregate on analyzed fields, such as the `message` field
+ items:
+ type: object
+ _source:
+ type: object
+ description: >-
+ The object `includes` specifies an array of strings specifying an array of fields to return.
+
+ * If you omit `_source` from the request, all fields are returned.
+
+ * If you pass `'_source': false`, it will exclude the `_source` field from the results.
+ properties:
+ includes:
+ type: array
+ description: Array of fields to return
+ example: ["message"]
+ items:
+ - type: string
+ description: Field to return.
+ example: false
+ post_filter:
+ type: object
+ description: A filter applied after the aggregations have been calculated. Useful for reusing a single query to calculate several outputs with different filtering criteria. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-post-filter.html) for details.
+ example: null
+ docvalue_fields:
+ type: array
+ description: Powers inverted indexing. Allows queries to look up the search term in unique sorted list by @timestamp. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-docvalue-fields.html) for details.
+ items:
+ type: string
+ example: ["@timestamp"]
+ version:
+ type: boolean
+ description: Returns a version for each result. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-version.html) for details.
+ stored_fields:
+ type: array of strings
+ description: Useful for querying for fields that don’t appear in the _source field or querying for larger documents by date or title. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-stored-fields.html) for details.
+ example: ["*"]
+ highlight:
+ type: object
+ description: Highlight strings in one or more fields in your search results. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-request-highlighting.html) for details.
+ aggregations:
+ type: object
+ description: >-
+ Apply field aggregations. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-aggregations.html) for details.
+
+
+ #### Limitations
+
+ * When using the `size` element, the value must be ≤ `1000`
+
+ * Can't nest 2 or more bucket aggregations of these types: `date_histogram`, `geohash_grid`, `histogram`, `ip_ranges`, `significant_terms`, `terms`
+
+ * Can't sort or aggregate on analyzed fields, such as the `message` field
+
+ * Aggregation type `significant_terms` and `multi_terms` can't be used
+
+
+ **Note:** You can use `aggs` or `aggregations` as the field name
+ example: { "byType": { "terms": { "field": "type", "size": 5 } } }
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST https://api.logz.io/v1/search \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "query": {
+ "bool": {
+ "must": [{
+ "range": {
+ "@timestamp": {
+ "gte": "now-5m",
+ "lte": "now"
+ }
+ }
+ }]
+ }
+ },
+ "from": 0,
+ "size": 0,
+ "sort": [{}],
+ "_source": false,
+ "post_filter": null,
+ "docvalue_fields": [],
+ "version": false,
+ "stored_fields": ["*"],
+ "highlight": {},
+ "aggs": {
+ "byType": {
+ "terms": {
+ "field": "type",
+ "size": 5
+ }
+ }
+ }
+ }'
+ responses:
+ 200:
+ description: successful query. `hits` are the total number of logs that match the query, which will always be in the 0-2 day range. `total` are the actual logs that are returned when using the query, which are not limited by the selected time range.
+ schema:
+ type: object
+ example: >-
+ {
+ "hits": {
+ "total": 339604,
+ "max_score": 0.0,
+ "hits": [ ]
+ },
+ "aggregations": {
+ "byType": {
+ "doc_count_error_upper_bound": 0,
+ "sum_other_doc_count": 44879,
+ "buckets": [
+ {
+ "key": "web-app",
+ "doc_count": 163690
+ }, {
+ "key": "core-service",
+ "doc_count": 64893
+ }
+ ]
+ }
+ }
+ }
+
+
+
+ /v1/scroll:
+ post:
+ summary: Scroll logs
+ tags:
+ - Search logs
+ description: >-
+ This endpoint can take 2 types of call requests. The first type runs a search query that returns a `scrollID` and the first batch of paginated results. The second request type passes only the `scroll_id`
+ (The variation in the field name is intentional) to fetch the next batches of paginated results.
+ This endpoint always returns results as a stringified JSON.
+
+
+ How it works:
+
+
+ First, send a request to establish the `scrollID`. This initial request contains the query object and additional parameters, similar to the `v1/search` endpoint, with the exception that `dayOffset` and `accountIds` are not supported. The request will return the field `scrollId` and the number of `hits`, representing the number of matching results.
+
+ For example, the `scroll_Id` string may have a value `*************80Y1JVcldDaVEAAAAAjeoh8hZYNkVkXzNhWVJRaUIwcWF5TEVnU2ZR`.
+
+
+ Next, send the `scroll_id` in the request body to retrieve the log results as a stringified JSON. Each call returns the next page, where each page can return a maximum of 1000 results. Every time you resend the same `scroll_id` in the request body, it returns the next page until it reaches the end of the results. Note that 'scrollID' expires after 20 minutes.
+
+
+ Every time you send the request with the same `scroll_id`, the next batch of results is returned.
+ Keep sending the same scroll ID as many times as needed to retrieve all of the available results.
+ The results are paginated, and every request returns the next page, one at a time.
+
+
+ When the call returns an empty array, you'll know you've reached the end of your results.
+
+
+ **Note**:
+
+
+ * Send the field `scroll_id` in requests (snake_case).
+
+ * Receive the field `scrollID` in your responses (camelCase). It expires after 20 minutes.
+ operationId: scroll
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ScrollRequest'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST https://api.logz.io/v1/scroll \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "size": 10,
+ "query": {
+ "bool": {
+ "must": [{
+ "range": {
+ "@timestamp": {
+ "gte": "now-5m",
+ "lte": "now"
+ }
+ }
+ }]
+ }
+ },
+ "aggs": {
+ "byType": {
+ "terms": {
+ "field": "type",
+ "size": 5
+ }
+ }
+ }
+ }'
+ responses:
+ 200:
+ description: successful operation. `hits` are the total number of logs that match the query, which will always be in the 0-2 day range. `total` are the actual logs that are returned when using the query, which are not limited by the selected time range.
+
+ schema:
+ $ref: '#/definitions/ScrollResponse'
+
+
+ # ::::: Archive
+ /v2/archive/settings:
+ get:
+ summary: Retrieve archiving settings
+ description: >-
+ Gets the current archive settings for a time-based log account.
+
+
+ Note that only one archive can be active per account.
+ tags:
+ - Archive logs
+ operationId: getSettingsForAccount
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ArchiveSettingsResponse'
+ post:
+ summary: Set up archiving
+ description: Configure archiving for a time-based log account. One archive can be configured per account (or sub account). For more on this, see [AWS Access with IAM](https://docs.logz.io/user-guide/give-aws-access-with-iam-roles/) and [Archiving](https://docs.logz.io/user-guide/archive-and-restore/configure-archiving.html).
+ tags:
+ - Archive logs
+ operationId: createSettings
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ArchiveSettings'
+ responses:
+ default:
+ description: successful operation
+ /v2/archive/settings/test:
+ post:
+ summary: Test archive settings
+ description: Tests the settings and returns the status code to confirm that a connection with the provider was established.
+ tags:
+ - Archive logs
+ operationId: testSettings
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/TestStorageRequest'
+ responses:
+ default:
+ description: successful operation
+ /v2/archive/settings/{id}:
+ get:
+ summary: Retrieve archive settings
+ description: Retrieves an archiving settings by the ID of the settings.
+ tags:
+ - Archive logs
+ operationId: getSettings
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the archive settings.
+ example: 33
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ArchiveSettingsResponse'
+ headers: {}
+ put:
+ summary: Update archive settings
+ description: >-
+ Updates the archiving settings for a time-based log account. (The API token identifies the account.)
+
+
+ You can use this endpoint to:
+
+ * Switch archive settings between AWS and Azure Blob Storage or vice versa.
+
+ * Update credentials.
+
+ * Switch your AWS authentication method between credential keys and IAM roles.
+
+
+ Note that only one archive can be active per account.
+ tags:
+ - Archive logs
+ operationId: updateSettings
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the archive settings.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ArchiveSettings'
+ responses:
+ default:
+ description: successful operation
+ delete:
+ summary: Delete archive settings
+ description: Deletes the archiving settings for a time-based log account.
+ tags:
+ - Archive logs
+ operationId: deleteSettings
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the archive settings.
+ responses:
+ default:
+ description: successful operation
+
+
+ # ::::: Restore
+ /archive/restore:
+ get:
+ summary: Retrieve all restore operations
+ description: Returns a complete history of all restore operations initiated for the account.
+ tags:
+ - Restore logs
+ operationId: getRestoreRequestsForAccountApi
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters: []
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/RestoreApiResponse'
+ headers: {}
+ post:
+ summary: Initiate restore operation
+ description: Initiates a new operation to restore data from a specific time frame. (As a result, also triggers the creation of a temporary restored account in Logz.io to hold the restored data until its automatic expiration.)
+ tags:
+ - Restore logs
+ operationId: createRestore
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/RestoreApiRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/RestoreApiResponse'
+ headers: {}
+ /archive/restore/{id}:
+ get:
+ summary: Get an update on a restore operation
+ description: Returns the status of a specific restore operation by its ID.
+ tags:
+ - Restore logs
+ operationId: getRestoreRequestByIdApi
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the restore process
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/RestoreApiResponse'
+ headers: {}
+ delete:
+ summary: Delete a restore operation
+ description: Aborts a restore process before its completion.
+ tags:
+ - Restore logs
+ operationId: abortRestoreRequestApi
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the restore process.
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/RestoreApiResponse'
+ headers: {}
+
+ # ::::: Sawmill
+ /v1/sawmill/log-type-pipeline/logType:
+ post:
+ operationId: getSawmillTestType
+ summary: Parse sample logs with a Sawmill pipeline
+ description: Performs parsing of sample logs with a given Sawmill pipeline (https://github.com/logzio/sawmill/wiki). A pipeline is a collection of parsing rules to be executed in a specific order where the syntax and functionality follow the guidelines of the Sawmill library. **Note:** this endpoint is not used to create or update parsing, but for testing purposes only,
+ tags:
+ - Parsing
+ produces:
+ - application/json
+ parameters:
+ - in: path
+ name: logType
+ description: Type of the log being parsed. This can be an existing type (already sent to Logz.io) or a new type (to be sent to Logz.io for parsing).
+ example: TestType
+ - in: body
+ name: body
+ required: true
+ schema:
+ type: object
+ properties:
+ PipelineDefinition:
+ type: object
+ properties:
+ pipeLineDefinition:
+ type: string
+ example: "{ \"steps\": [ { \"kv\": { \"config\": { \"field\": \"hello\", \"fieldSplit\": \" \", \"valueSplit\": \"=\", \"includeKeys\": [ \"time\", \"level\", \"msg\" ] } } } ] }"
+ SampleLog:
+ type: object
+ properties:
+ type:
+ type: string
+ example: "logType"
+ fullMessage:
+ type: object
+ properties:
+ message:
+ type: string
+ example: "hi"
+ hello:
+ type: string
+ example: "time=\"2022-07-22T07:18:28Z\" level=info msg=\"Error uploading file /var/lib/winlogbeat/test.json: BucketRegionError: incorrect region, the bucket is not in '\"us-east-1'\" region, host id: 64fD82\""
+
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ type: array
+ description: The response provides the value of `sampleLogs` after parsing.
+ items:
+ type: object
+ example: >-
+ {"Movie":"TheMatrix","fragment":"test","@timestamp":"2021-08-15T12:17:45.731+0000","check":"value","message":"balima","type":"TestType","UA-device":"Other"}
+ get:
+ operationId: getLogType
+ summary: Get pipeline definition for a log type
+ description: Receive pipeline definition for a given log type, if the definition is already stored.
+ tags:
+ - Parsing
+ produces:
+ - application/json
+ parameters:
+ - in: path
+ name: logType
+ description: Log type that you need to retrieve a Sawmill pipeline for. If no parsing has been applied to this log type, 404 error will be given.
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ type: object
+ example: >-
+ {"steps":[{"addField":{"name":"addField","config":{"path":"Movie","value":"TheMatrix"}}}]}
+ '404':
+ description: pipeline not found for this log type
+ schema:
+ type: object
+ example:
+ - errorCode: SAWMILL_SELF_PARSE/PIPELINE NOT FOUND
+ message: log type with name (logType) not found
+ parameters:
+ - logTypeName: SampleLogType
+
+ /v1/sawmill/external-mapping/upload:
+ post:
+ operationId: postSawmillMappingFile
+ summary: Upload an external mapping file to Logz.io storage.
+ description: Uploads an external mapping file in `.properties` format to Logz.io storage. This file can be used later by Sawmill [ExternalMappingSourceProcessor](https://github.com/logzio/sawmill/wiki/External-Mapping-Source-Processor). This feature is not available by default. To enable it, contact Logz.io support. 10 files can be uploaded per account. The file size is limited to 50 MB.
+ tags:
+ - Parsing
+ produces:
+ - application/json
+ requestBody:
+ content:
+ multipart/form-data:
+ schema:
+ properties:
+ file:
+ type: array
+ items:
+ type: string
+ format: binary
+ responses:
+ '201':
+ description: successful operation
+ schema:
+ type: object
+ properties:
+ result:
+ type: string
+ example: Successfully updated external mapping
+ description: Successfully updated external mapping
+ '400':
+ description: bad request
+ schema:
+ type: object
+ properties:
+ errorCode:
+ type: string
+ example: FILE_RESTRICTIONS/EXTERNAL_MAPPINGS_LIMIT_REACHED
+ message:
+ type: string
+ example: Failed to upload external mapping. Exceeded allowed amount of mapping files per account - 10. Please Contact Support to delete old mappings.
+ requestId:
+ type: string
+ parameters:
+ type: object
+ properties:
+ currentLimit:
+ type: integer
+ example: 10
+ '422':
+ description: validation error
+ schema:
+ type: object
+ properties:
+ result:
+ type: string
+ example: Failed to update external mapping
+ description: Failed to update external mapping
+
+ /v1/account/log-types:
+ get:
+ operationId: getLogTypes
+ summary: Get all log types
+ description: Get all log types for a given account including the log types with no parsing attached.
+ tags:
+ - Parsing
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ type: array
+ items:
+ type: string
+ example: [“metering-access”,“lag-monitor”,“business-analytics-metrics”,“consul-agent”,“auth0”]
+
+
+ # ::::: Alerts V2
+ /v2/alerts:
+ get:
+ operationId: getAllAlerts
+ summary: Retrieve all alerts
+ description: Returns the complete list of all alerts configured for the account.
+ tags:
+ - Alerts
+ produces:
+ - application/json
+ parameters:
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/AlertV2Response'
+ headers: {}
+ post:
+ summary: Create an alert
+ description: Configures and activates a new alert.
+ tags:
+ - Alerts
+ operationId: createAlert
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/AlertV2Request'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AlertV2Response'
+
+ /v2/alerts/{alertId}:
+ get:
+ summary: Retrieve alert by ID
+ description: Returns alert details by alert ID.
+ tags:
+ - Alerts
+ operationId: getAlert
+ produces:
+ - application/json
+ parameters:
+ - name: alertId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: Unique identifier of the alert in Logz.io.
+ example: 563412
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AlertV2Response'
+ headers: {}
+ put:
+ summary: Update an alert
+ description: Applies changes to an alert, identified by its ID. Can be used to enable or disable the alert.
+ tags:
+ - Alerts
+ operationId: updateAlert
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/AlertV2Request'
+ - name: alertId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: Unique identifier of the alert in Logz.io.
+ example: 563412
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AlertV2Response'
+ delete:
+ operationId: deleteAlert
+ summary: Delete an alert
+ description: Deletes an alert identified by its ID.
+ tags:
+ - Alerts
+ produces:
+ - application/json
+ parameters:
+ - name: alertId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: Unique identifier of the alert in Logz.io.
+ example: 563412
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AlertV2Response'
+ headers: {}
+ /v2/alerts/{id}/enable:
+ post:
+ summary: Enable alert by ID
+ description: Enables an alert by its alert ID. This is reversible. The alert can be disabled again at any time.
+ operationId: enableAlert
+ tags:
+ - Alerts
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ description: Alert ID
+ in: path
+ required: true
+ type: integer
+ format: int32
+ example: 654312
+ responses:
+ default:
+ description: successful operation
+ /v2/alerts/{id}/disable:
+ post:
+ operationId: disableAlert
+ summary: Disable alert by ID
+ description: Disables an alert by its alert ID. This is reversible. The alert can be enabled again at any time.
+ tags:
+ - Alerts
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ description: Alert ID
+ in: path
+ required: true
+ type: integer
+ format: int32
+ example: 654321
+ responses:
+ default:
+ description: successful operation
+
+ # ::::: TriggeredAlerts V1
+
+ /v1/alerts/triggered-alerts:
+ post:
+ operationId: TriggeredAlerts
+ summary: Retrieve triggered alerts
+ description: Returns a paged filtered list of triggered alerts for your accounts.
+ tags:
+ - Alerts
+ produces:
+ - application/json
+ parameters:
+ - name: from
+ in: query
+ type: integer
+ minimum: 0
+ default: 0
+ description: Of the results found, the first result to return.
+ example: 0
+ - name: size
+ in: query
+ type: integer
+ description: Size of page to return.
+ example: 15
+ - name: search
+ in: query
+ type: string
+ description: Part of the alert name to filter by name (ignore case).
+ example: test
+ - name: severities
+ in: query
+ type: array
+ items:
+ type: string
+ enum:
+ -
+ - SEVERE
+ - HIGH
+ - MEDIUM
+ - LOW
+ - INFO
+ example: '["SEVERE", "HIGH"]'
+ description: Filter results by severity of triggered alerts.
+ - name: sortBy
+ in: query
+ description: Sort alerts by date or severity.
+ schema:
+ type: string
+ enum: [DATE, SEVERITY]
+ - name: sortOrder
+ in: query
+ description: Sort order of alerts retrieved.
+ schema:
+ type: string
+ enum: [ASC, DESC]
+ - name: tags
+ in: query
+ type: array
+ items:
+ type: string
+ description: List of tags the alert is related to.
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST https://api.logz.io/v1/alerts/triggered-alerts \
+ -H 'Content-Type: application/json' \
+ -H 'X-API-TOKEN: ' \
+ -d '{
+ "from": 0,
+ "size": 15,
+ "search": "test",
+ "severities": ["HIGH", "LOW"],
+ "sortBy": "DATE",
+ "sortOrder": "ASC",
+ "tags": "network"
+ }'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/TriggeredAlertsResponse'
+ headers: {}
+
+
+
+
+ # ::::: Deployment markers
+ /v2/markers/create-markers:
+ post:
+ tags:
+ - Deployments
+ operationId: createMarkers
+ summary: Add deployment markers to Exception graphs
+ description: Send logs with details of service deployments to annotate Exception graphs in Kibana Discover. [Learn more about Deployment markers](/user-guide/logs/exceptions-deployments.html)
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/CreateMarkersRequest'
+ responses:
+ default:
+ description: 204 No Content
+
+
+ # ::::: Log Insights
+ /v1/insights/list:
+ post:
+ summary: Get the list of Insights
+ tags:
+ - Insights
+ description: >-
+ Get the list of Insights that match your search criteria.
+
+
+ Whenever a new Insight is detected, it receives an Insight ID and is tracked for as long as it recurs. The lookback period for Insights is 6 months.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ operationId: getPublicInsights
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/PublicGetAccountInsightsRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PageResponsePublicAccountInsightResponse'
+
+ # ::::: AUDIT TRAIL
+ /v1/audit-trail/event-types:
+ post:
+ operationId: listAccountAuditTrails
+ summary: Retrieve all event types in the audit trail
+ description: Returns an array of strings. Each string is an event type that appears in the account's audit trail. Each event type is shown once, no matter how many times it occurs in the account's audit trail.
+ tags:
+ - Retrieve audit trail
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AuditTrailEventTypesResponse'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/audit-trail/event-types" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ /v1/audit-trail:
+ post:
+ operationId: listAccountAuditTrailsFiltered
+ summary: Retrieve a filtered list of audit trail events
+ tags:
+ - Retrieve audit trail
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/AuditTrailFilterRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/audit-trail" -H "accept: application/json" -H "X-API-TOKEN: " -H "Content-Type: application/json" -d "{\"from\":20, \"size\":15, \"fromDate\":1520444072192, \"toDate\":1528216472192, \"sortDescending\":true, \"includeFiltersData\":true, \"auditEventType\":null, \"auditEventUser\":null}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AuditTrailFilteredResponse'
+
+ # ::::: CLOUDTRAIL
+ /v1/log-shipping/cloudtrails:
+ get:
+ operationId: getAccountCloudTrails
+ summary: Retrieve all connected CloudTrail resources
+ description: >-
+ Returns a list of CloudTrail resources connected to your Logz.io account.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Connect to CloudTrail
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/CloudTrailResponse'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/log-shipping/cloudtrails" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ post:
+ operationId: createCloudTrail
+ summary: Create a new CloudTrail connector
+ description: >-
+ Establishes a new connection to a CloudTrail resource. As a result, logs from your CloudTrail resource will ship to the connected Logz.io account via an AWS S3 bucket.
+
+
+ CloudTrail logs will be parsed using the Logz.io custom CloudTrail parsing pipeline.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Connect to CloudTrail
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/CloudTrailRequest'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/IdBean'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ 'curl -compressed -X POST "https://api.logz.io/v1/log-shipping/cloudtrails" \
+ -d "{
+ \"accessKey\": \"ee07df5801500745419c6dff\",
+ \"secretKey\": \"506d891fe2163a511b450eddc3279539f6\",
+ \"bucket\": \"LogzioBucket\",
+ \"prefix\": \"AWSLogs/7364988021587/myprefix\",
+ \"active\": true
+ }"'
+ /v1/log-shipping/cloudtrails/{id}:
+ get:
+ operationId: getCloudTrail
+ summary: Retrieve CloudTrail connector by ID
+ description: >-
+ Returns details for a CloudTrail connector, identified by its ID.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Connect to CloudTrail
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: Logz.io ID of the CloudTrail connector
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/CloudTrailResponse'
+ put:
+ operationId: updateCloudTrail
+ summary: Update a CloudTrail connector
+ description: >-
+ Updates details for a CloudTrail connector.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Connect to CloudTrail
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/CloudTrailRequest'
+ - name: id
+ description: Logz.io ID of the CloudTrail connector.
+ in: path
+ required: true
+ type: integer
+ format: int32
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/MessageBean'
+ delete:
+ operationId: deleteCloudTrail
+ summary: Delete a CloudTrail connector
+ description: >-
+ Deletes a CloudTrail connector. As a result, CloudTrail will stop shipping data to your Logz.io account.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Connect to CloudTrail
+ parameters:
+ - name: id
+ description: Logz.io ID of the CloudTrail connector.
+ in: path
+ required: true
+ type: integer
+ format: int32
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/MessageBean'
+
+ # ::::: S3 log shipping
+ /v1/log-shipping/s3-buckets:
+ get:
+ summary: Retrieve all connected S3 buckets
+ description: >-
+ Returns a list of all S3 buckets connected to your Logz.io account.
+
+ tags:
+ - Connect to S3 Buckets
+ operationId: getS3Buckets
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/S3BucketResponse'
+ post:
+ summary: Create a new S3 bucket connector
+ description: >-
+ Establishes a new connection of the Logz.io fetcher to an AWS S3 bucket. As a result, logs from your AWS resource will begin shipping to the connected Logz.io account via an AWS S3 bucket.
+
+
+ Logs will be parsed using the Logz.io custom parsing pipeline for the resource.
+
+ tags:
+ - Connect to S3 Buckets
+ operationId: createBuckets
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/S3BucketRequest'
+ responses:
+ default:
+ description: successful operation
+ '/v1/log-shipping/s3-buckets/{id}':
+ get:
+ summary: Retrieve an S3 bucket connector by ID
+ description: >-
+ Returns connection details for an S3 bucket connector by its ID.
+
+ tags:
+ - Connect to S3 Buckets
+ operationId: getS3Bucket
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ description: Logz.io ID of the S3 Bucket connector. You can run the relevant GET endpoints to retrieve the ID.
+ in: path
+ required: true
+ type: integer
+ format: int32
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/S3BucketResponse'
+ put:
+ summary: Update an S3 bucket connector
+ description: >-
+ Updates connection details for an S3 bucket connector.
+
+ tags:
+ - Connect to S3 Buckets
+ operationId: updateBucket
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ description: Logz.io ID of the S3 Bucket connector. You can run the relevant GET endpoints to retrieve the ID.
+ required: true
+ type: integer
+ format: int32
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/S3BucketRequest'
+ responses:
+ default:
+ description: successful operation
+ delete:
+ summary: Delete an S3 connector
+ description: >-
+ Deletes an S3 bucket connector. As a result, the connected AWS resource will stop shipping logs to your Logz.io account.
+
+ tags:
+ - Connect to S3 Buckets
+ operationId: deleteBucket
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ description: Logz.io ID of the S3 bucket connector. You can run the relevant GET endpoints to retrieve the ID.
+ in: path
+ required: true
+ type: integer
+ format: int32
+ responses:
+ default:
+ description: successful operation
+ /v1/log-shipping/s3-buckets/aws-assume-role-details:
+ get:
+ summary: Get account information for IAM Role
+ description: >-
+ Returns the Logz.io parameters needed to create an AWS IAM Role in the AWS admin console.
+
+
+ The next steps after running this endpoint:
+
+ * Open your AWS admin console and create a new IAM Role. Once the role is created, you will obtain an ARN for it. Keep it handy for the next step.
+
+ * Create a new S3 bucket connector. Provide the ARN from the previous step in the request body.
+
+ tags:
+ - Connect to S3 Buckets
+ operationId: getAWSAssumeRoleDetails
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/AWSAssumeRoleDetails'
+ headers: {}
+
+ # ::::: NOTIFICATION ENDPOINTS
+ /v1/endpoints/slack:
+ post:
+ operationId: createSlack
+ summary: Create a Slack endpoint
+ tags:
+ - Manage notification endpoints
+ description: Creates a new Slack notification endpoint or sends a test message to Slack
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/SlackEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/slack?test=false" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d \"{ \"title\": \"New Slack endpoint\", \"description\": \"Sends notifications to #logzio-alerts channel\", \"url\": \"https://hooks.slack.com/services/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\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/slack/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update Slack endpoint
+ description: Updates a Slack notification endpoint or sends a test message to Slack
+ operationId: updateSlack
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/SlackEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/endpoints/slack/269?test=false" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"Updated Slack endpoint\", \"description\": \"Sends notifications to #logzio-alerts channel\", \"url\": \"https://hooks.slack.com/services/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\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/custom:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create a custom notification endpoint
+ description: Creates a new notification endpoint for a custom integration or sends a test message to the custom endpoint.
+ operationId: createCustom
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/CustomEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/custom" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"New custom endpoint\", \"description\": \"Sends notifications to my custom endpoint\", \"url\": \"https://my.custom-endpoint.com\", \"method\": \"POST\", \"headers\": \"authKey=6e30-60a9-3591\", \"bodyTemplate\": {\"subject\": \"Alert from Logz.io\", \"message\": {\"severity\": \"LOW\", \"body\": \"Check Logz.io for log activity\"} }}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/custom/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update a custom notification endpoint
+ description: Updates a new notification endpoint for a custom integration or sends a test message to the custom endpoint.
+ operationId: updateCustom
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/CustomEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/endpoints/custom/275" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"Updated custom endpoint\", \"description\": \"Sends notifications to my custom endpoint\", \"url\": \"https://my.custom-endpoint.com/\", \"method\": \"POST\", \"headers\": \"authKey=6e30-60a9-3591\", \"bodyTemplate\": {\"subject\": \"Alert from Logz.io\", \"message\": {\"severity\": \"LOW\", \"body\": \"Check Logz.io for log activity\"} }}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/pager-duty:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create a PagerDuty endpoint
+ description: Creates a new PagerDuty notification endpoint or sends a test message to PagerDuty.
+ operationId: createPagerDuty
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/PagerDutyEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/pager-duty" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New PagerDuty endpoint\", \"description\": \"Sends notifications to PagerDuty\", \"serviceKey\": \"78c3b6cf0a884a538410fe281227eb0b\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/pager-duty/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update a PagerDuty endpoint
+ description: Updates a PagerDuty notification endpoint or sends a test message to PagerDuty
+ operationId: updatePagerDuty
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/PagerDutyEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/endpoints/pager-duty/271" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"Updated PagerDuty endpoint\", \"description\": \"Sends notifications to PagerDuty\", \"serviceKey\": \"78c3b6cf0a884a538410fe281227eb0b\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/big-panda:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create a BigPanda endpoint
+ description: Creates a new BigPanda notification endpoint or sends a test message to BigPanda.
+ operationId: createBigPanda
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/BigPandaEndpointUpsertRequest'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/big-panda" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New BigPanda endpoint\", \"description\": \"Sends notifications to BigPanda\", \"apiToken\": \"94ad63254a1397a51a1ae340c4f10890\", \"appKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ /v1/endpoints/big-panda/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update a BigPanda endpoint
+ description: Updates a BigPanda notification endpoint or sends a test message to BigPanda
+ operationId: updateBigPanda
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/BigPandaEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/endpoints/big-panda/272" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"Updated BigPanda endpoint\", \"description\": \"Sends notifications to BigPanda\", \"apiToken\": \"94ad63254a1397a51a1ae340c4f10890\", \"appKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/data-dog:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create a Datadog endpoint
+ description: Creates a new Datadog notification endpoint or sends a test message to Datadog.
+ operationId: createDataDog
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/DatadogEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/data-dog" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New Datadog endpoint\", \"description\": \"Sends notifications to Datadog\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/data-dog/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update a Datadog endpoint
+ description: Updates a Datadog notification endpoint or sends a test message to Datadog
+ operationId: updateDataDog
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/DatadogEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "http://endpoints/data-dog/273" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"Updated Datadog endpoint\", \"description\": \"Sends notifications to Datadog\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/victorops:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create a VictorOps endpoint
+ description: Creates a new VictorOps notification endpoint or sends a test message to VictorOps.
+ operationId: createVictorops
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/VictoropsEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/victorops" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New VictorOps endpoint\", \"description\": \"Sends notifications to VictorOps\", \"routingKey\": \"devops\", \"messageType\": \"WARNING\", \"serviceApiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/victorops/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update a VictorOps endpoint
+ description: Updates a VictorOps notification endpoint or sends a test message to VictorOps
+ operationId: updateVictorops
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/VictoropsEndpointUpsertRequest'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/endpoints/victorops/274" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"New VictorOps endpoint\", \"description\": \"Sends notifications to VictorOps\", \"routingKey\": \"devops\", \"messageType\": \"WARNING\", \"serviceApiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ /v1/endpoints/{id}:
+ get:
+ tags:
+ - Manage notification endpoints
+ summary: Retrieve an endpoint by ID
+ description: Returns a JSON object representing a notification endpoint configured in the account.
+ operationId: getEndpointById
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/endpoints/88" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/Endpoint'
+ delete:
+ tags:
+ - Manage notification endpoints
+ summary: Delete an endpoint
+ description: Deletes a notification endpoint
+ operationId: deleteEndpoint
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X DELETE "https://api.logz.io/v1/endpoints/269" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 204:
+ description: successful operation
+ /v1/endpoints:
+ get:
+ tags:
+ - Manage notification endpoints
+ summary: Retrieve all notification endpoints
+ description: Returns an array of JSON objects. Each object represents a notification endpoint configured in the account.
+ operationId: getAllEndpoints
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/endpoints" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/Endpoint'
+ /v1/endpoints/ops-genie:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create an OpsGenie endpoint
+ description: Creates a new OpsGenie notification endpoint or sends a test message to OpsGenie.
+ operationId: createOpsGenie
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/OpsGenieEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/ops-genie" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New OpsGenie endpoint\", \"description\": \"Sends notifications to OpsGenie\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/ops-genie/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update an OpsGenie endpoint
+ description: Updates an OpsGenie notification endpoint or sends a test message to OpsGenie.
+ operationId: updateOpsGenie
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/OpsGenieEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "http://endpoints/ops-genie/273" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"Updated OpsGenie endpoint\", \"description\": \"Sends notifications to OpsGenie\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/service-now:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create an ServiceNow endpoint
+ description: Creates a new ServiceNow notification endpoint or sends a test message to ServiceNow.
+ operationId: createServiceNow
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ServiceNowEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/service-now" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New ServiceNow endpoint\", \"description\": \"Sends notifications to ServiceNow\", \"username\": \"User\", \"password\": \"Password\", \"url\": \"https://my.custom-endpoint.com\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/service-now/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update an ServiceNow endpoint
+ description: Updates an ServiceNow notification endpoint or sends a test message to ServiceNow.
+ operationId: updateServiceNow
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ServiceNowEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "http://endpoints/service-now/273" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New ServiceNow endpoint\", \"description\": \"Sends notifications to ServiceNow\", \"username\": \"User\", \"password\": \"Password\", \"url\": \"https://my.custom-endpoint.com\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/microsoft-teams:
+ post:
+ tags:
+ - Manage notification endpoints
+ summary: Create an Microsoft Teams endpoint
+ description: Creates a new Microsoft Teams notification endpoint or sends a test message to Microsoft Teams.
+ operationId: createMicrosoftTeams
+ parameters:
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/MicrosoftTeamsEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/endpoints/microsoft-teams" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"title\": \"New OpsGenie endpoint\", \"description\": \"Sends notifications to OpsGenie\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+ /v1/endpoints/microsoft-teams/{id}:
+ put:
+ tags:
+ - Manage notification endpoints
+ summary: Update an Microsoft Teams endpoint
+ description: Updates an Microsoft Teams notification endpoint or sends a test message to Microsoft Teams.
+ operationId: updateMicrosoftTeams
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ - name: test
+ in: query
+ required: false
+ type: boolean
+ default: false
+ description: >-
+ To send a test message to the endpoint, `true`. Otherwise, `false`.
+
+
+ **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/MicrosoftTeamsEndpointUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "http://endpoints/microsoft-teams/273" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"title\": \"Updated ServiceNow endpoint\", \"description\": \"Sends notifications to ServiceNow\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/EndpointUpsertResponse'
+
+ # ::::: KIBANA IMPORT/EXPORT
+ /v1/kibana/export:
+ post:
+ tags:
+ - Import or export Kibana objects
+ summary: Export Kibana objects
+ description: >-
+ Exports the configuration of Kibana objects. All objects of a single type (search, visualization, or dashboard) are returned as an array of JSON objects. For example, if you export `visualization`, each visualization is returned as a JSON object.
+
+
+ You can import objects using the [/kibana/import](#operation/importSavedObjects) endpoint.
+ operationId: exportSavedObjects
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/KibanaExportRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/kibana/export" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"type\": \"visualization\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/KibanaExportResponse'
+ /v1/kibana/import:
+ post:
+ tags:
+ - Import or export Kibana objects
+ summary: Import Kibana objects
+ description: Imports Kibana search, visualization, or dashboard objects. You can export objects using the [/kibana/export](#operation/exportSavedObjects) endpoint.
+ operationId: importSavedObjects
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/KibanaImportRequest'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/KibanaImportResponse'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST "https://api.logz.io/v1/kibana/import" \
+ -H "accept: application/json" -H "content-type: application/json" \
+ -H "X-API-TOKEN: " \
+ -d "{
+ \"kibanaVersion\": \"4.0.0-beta3\",
+ \"override\": true,
+ \"hits\": [
+ {
+ \"_index\": \"logzioCustomerKibanaIndex\",
+ \"_type\": \"search\",
+ \"_id\": \"c245e530-fc60-11e7-b120-5320b1759c57\",
+ \"_score\": 1,
+ \"_source\": {
+ \"title\": \"example-saved-query\",
+ \"description\": \"\",
+ \"hits\": 0,
+ \"columns\": [
+ \"message\"
+ ],
+ \"sort\": [
+ \"@timestamp\",
+ \"desc\"
+ ],
+ \"version\": 1,
+ \"kibanaSavedObjectMeta\": {
+ \"searchSourceJSON\": \"{\"index\":\"[logzioCustomerIndex]YYMMDD\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"example-saved-query\"}},\"filter\":[]}\"
+ },
+ \"_createdBy\": {
+ \"userId\": 1,
+ \"fullName\": \"testadmin@logz.io\",
+ \"username\": \"testadmin@logz.io\"
+ },
+ \"_createdAt\": 1516287816456,
+ \"_updatedBy\": {
+ \"userId\": 1,
+ \"fullName\": \"testadmin@logz.io\",
+ \"username\": \"testadmin@logz.io\"
+ },
+ \"_updatedAt\": 1516287816456
+ }
+ }
+ ]
+ }"
+
+
+ # ::::: SHIPPING TOKENS
+ /v1/log-shipping/tokens:
+ post:
+ tags:
+ - Manage log shipping tokens
+ summary: Create a log shipping token
+ description: Creates a log shipping token for this account.
+ operationId: createNewLogShippingToken
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X POST 'https://api.logz.io/log-shipping/tokens' \
+ --header 'X-API-TOKEN: ' \
+ --header 'Content-Type: application/json'
+ --data-raw '{ "name": "token-name", "enabled": "true" }'
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ShippingTokensRequest'
+ responses:
+ '201':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ShippingTokensModel'
+ /v1/log-shipping/tokens/{id}:
+ get:
+ tags:
+ - Manage log shipping tokens
+ summary: Retrieve a log shipping token by ID
+ description: Returns details for the specified shipping token.
+ operationId: getLogShippingTokenById
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: This token's ID.
+ example: 786351
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X GET 'https://api.logz.io/v1/log-shipping/tokens/{id}' \
+ -H 'X-API-TOKEN: ' \
+ -H 'Content-Type: application/json'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ShippingTokensModel'
+ put:
+ tags:
+ - Manage log shipping tokens
+ summary: Update a log shipping token
+ description: Enables/disables a log shipping token and/or renames it.
+ operationId: updateLogShippingToken
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: This token's ID.
+ example: 786351
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ShippingTokensRequest'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X PUT 'https://api.logz.io/v1/log-shipping/tokens/{id}' \
+ -H 'X-API-TOKEN: ' \
+ -H 'Content-Type: application/json' \
+ --data-raw '{
+ "name": "staging eu",
+ "enabled": true
+ }'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ShippingTokensModel'
+ delete:
+ tags:
+ - Manage log shipping tokens
+ summary: Delete a log shipping token
+ description: >-
+ Deletes a log shipping token by its ID, while providing relevant information about the token's recent status and activity.
+
+
+ An account must have at least 1 enabled token. You won't be able to disable or delete the last token.
+
+ **Important**: Active tokens can be deleted using this call. Confirm that a token is no longer needed before deleting it.
+ operationId: deleteLogShippingToken
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: This token's ID.
+ example: 786351
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X DELETE 'https://api.logz.io/v1/log-shipping/tokens/786351' \
+ -H 'X-API-TOKEN: ' \
+ -H 'Content-Type: application/json'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ShippingTokensModel'
+ /v1/log-shipping/tokens/limits:
+ get:
+ tags:
+ - Manage log shipping tokens
+ summary: Get number of available tokens
+ description: >-
+ Returns the number of log shipping tokens currently in use and the number of available tokens that can be enabled.
+ Disabled tokens don't count against the token limit.
+ operationId: getLogShippingTokensLimits
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X GET 'https://api.logz.io/v1/log-shipping/tokens/limits' \
+ -H 'X-API-TOKEN: ' \
+ -H 'Content-Type: application/json'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ShippingTokensLimitsResponse'
+ /v1/log-shipping/tokens/search:
+ post:
+ tags:
+ - Manage log shipping tokens
+ summary: Retrieve log shipping tokens
+ description: Returns the relevant shipping tokens, filtered, sorted and paginated as per the request.
+ operationId: searchLogShippingTokens
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/ShippingTokensSearchRequest'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X POST 'https://api.logz.io/v1/log-shipping/tokens/search' \
+ -H 'X-API-TOKEN: ' \
+ -H 'Content-Type: application/json' \
+ --data-raw '{
+ "filter": {
+ "enabled": true
+ },
+ "sort": [
+ {
+ "field": "name",
+ "descending": true
+ }
+ ],
+ "pagination": {
+ "pageNumber": 3,
+ "pageSize": 15
+ }
+ }'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PagedSearchResponseShippingTokensModel'
+
+ # ::::: SHARED TOKENS
+ /v1/shared-tokens/filters:
+ get:
+ operationId: getAllFilters
+ summary: Retrieve all shared token filters
+ description: >-
+ Returns an array of JSON objects, where each object shows information for a shared token filter.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/shared-tokens/filters" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ uniqueItems: true
+ items:
+ $ref: '#/definitions/QueryFilter'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ post:
+ operationId: createFilter
+ summary: Create a shared token filter
+ description: >-
+ Creates a new shared token filter.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/QueryFilter'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/QueryFilter'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ /v1/shared-tokens/filters/{id}:
+ get:
+ operationId: getFilter
+ summary: Retrieve a shared token filter by ID
+ description: >-
+ Returns a shared token filter as a JSON object.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the shared token filter
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/shared-tokens/filters/345" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/QueryFilter'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ delete:
+ operationId: deleteFilter
+ summary: Delete a shared token filter
+ description: >-
+ Deletes a shared token filter.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the shared token filter
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X DELETE "https://api.logz.io/v1/shared-tokens/filters/345" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ /v1/shared-tokens/{id}:
+ get:
+ operationId: getToken
+ summary: Retrieve a shared token by ID
+ description: >-
+ Returns a shared token as a JSON object.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the shared token
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/shared-tokens/1242" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/SharedToken'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ put:
+ operationId: updateToken
+ summary: Update a shared token
+ description: >-
+ Changes the filters attached to a shared token.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/UpdateSharedTokenRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/shared-tokens/1242" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{\"filters\":[339]}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/SharedToken'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ delete:
+ operationId: deleteToken
+ summary: Delete a shared token
+ description: >-
+ Deletes a shared token.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the shared token
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X DELETE "https://api.logz.io/v1/shared-tokens/1250" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 204:
+ description: successful operation
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ /v1/shared-tokens:
+ get:
+ operationId: getAllTokens
+ summary: Retrieve all shared tokens
+ description: >-
+ Returns an array of JSON objects, where each object shows information for a shared token.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ uniqueItems: true
+ items:
+ $ref: '#/definitions/SharedToken'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/shared-tokens" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ post:
+ operationId: createToken
+ summary: Create a shared token
+ description: >-
+ Creates a new shared token.
+
+
+ **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
+ tags:
+ - Manage shared tokens
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/CreateSharedTokenRequest'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/SharedToken'
+ 400:
+ description: not found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token with id 12345 not found for account 54321
+ description: The shared token or query filter could not be found
+ 403:
+ description: forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Insufficient privileges
+ description: Insufficient privileges. Contact our Support team for access to this API feature.
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/shared-tokens" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"tokenName\": \"Support shared token\", \"filters\":[339]}"'
+
+ # ::::: API TOKENS
+ /v1/api-tokens/sub-account:
+ post:
+ operationId: CreateApiTokenRequest
+ summary: Create a sub account API token.
+ description: >-
+ Creates a new API token for a sub account.
+
+ Must be run with an API token of the owner account.
+
+ Once created, you can view the details for this new token in [Manage tokens > API tokens](https://app.logz.io/#/dashboard/settings/manage-tokens/api), when you are logged in to the relevant sub account.
+
+ tags:
+ - Manage API tokens
+ parameters:
+ - in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/CreateApiTokenRequest'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/ApiTokenResponse'
+ 400:
+ description: Bad Request
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Bad Request. There was an issue with the request syntax from the client. Received integer instead of expected string parameter
+ description: Bad Request. The request cannot be completed. Errors may include malformed request syntax, invalid request message parameters, and so on.
+ 401:
+ description: Unauthorized
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Unauthorized. There was a problem with the authorization provided in the request.
+ description: Unauthorized. Attempted to create an API token for a sub account with insufficient or missing credentials for the main or owner account. Please contact our Support team for access to this API feature via [help@logz.io](mailto:help@logz.io).
+ 403:
+ description: Forbidden
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Forbidden. Attempted to create an API token for a sub account using an illegal owner account token.
+ description: Forbidden. Attempted to create an API token for a sub account with an invalid owner account token. This operation requires a valid API token for the owner account.
+ 404:
+ description: Not Found
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: Not Found. Could not find the sub account associated with this request.
+ description: Not Found. Could not find the sub account associated with this request or the relevant owner account for the sub account.
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/api-tokens/sub-account" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"name\": \"newAPITokenTest999\", \"accountId\":7386}"'
+
+
+ # ::::: SNAPSHOTS
+ /v1/snapshotter:
+ post:
+ tags:
+ - Logz.io snapshots
+ summary: Create a snapshot
+ description: Creates a new Kibana snapshot and shares with recipients through email or notification endpoint
+ operationId: createSnapshot
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/SnapshotCreateRequest'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -compressed -X POST "https://api.logz.io/v1/snapshotter" \
+ -H "accept: application/json" \
+ -H "X-API-TOKEN: " \
+ -H "Content-Type: application/json" \
+ -d '{
+ "snapshotType": "VISUALIZATION",
+ "snapshotSavedObjectId": "c3cf4ac9-81f7-60ef-1a9d-d32c1fa7c012",
+ "emails": [ "shalom@logz.io" ],
+ "message": "Hey, let me know if you need me to do anything about this.",
+ "timeFrameFrom": 1527951945,
+ "timeFrameTo": 1528038346,
+ "snapshotTimeZone": "UTC",
+ "darkTheme": true
+ }'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/SnapshotCreateResponse'
+ /v1/snapshotter/{snapshotId}:
+ get:
+ tags:
+ - Logz.io snapshots
+ summary: Retrieve a snapshot by ID
+ description: Returns the details of a snapshot, such as status and the snapshot image URL
+ operationId: getSnapshot
+ parameters:
+ - name: snapshotId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the snapshot
+ example: 3094
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/snapshotter/3094" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/SnapshotGetResponse'
+
+ # ::::: USER MANAGEMENT
+ /v1/user-management/recursive:
+ get:
+ summary: Retrieve users in all associated accounts
+ description: >-
+ Returns a list of users in the main account and all associated sub accounts as an array of JSON objects per account.
+
+
+ If a user appears in multiple accounts, it will be listed separately under each account.
+
+
+ **Note:** Must be run with an API token belonging to the main account.
+ tags:
+ - Manage users
+ operationId: listAllAccountUsers
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/User'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/user-management/recursive" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ /v1/user-management:
+ get:
+ summary: Retrieve all users
+ description: Returns a list of users as an array of JSON objects. If you run this endpoint without the accountID, then you will retrieve all users within the account the token of which you provide. If you run this endpoint with the accountID, then you will retrieve users only from the given accountID. In this case you must run it with the token of the main account that the accountID belongs to.
+ tags:
+ - Manage users
+ operationId: listUsers
+ parameters:
+ - name: accountId
+ in: query
+ required: false
+ type: integer
+ format: int32
+ description: Logz.io sub-account ID.
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/User'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/user-management" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ post:
+ summary: Create a user
+ description: Creates a new user with specified permissions to access your log data. If you run this endpoint with the token of the main account, then you can perform actions on the main account or any sub-account within the main account by providing the sub-account’s accountID. If you run this endpoint with the token of the sub-account, then you can perform actions only on the given sub-account.
+ tags:
+ - Manage users
+ operationId: createUser
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/UserManagementUpsertRequest'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/user-management" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"username\": \"artvandelay@kramerica.com\", \"fullName\": \"Art Vandelay\", \"accountID\": 11111, \"role\": \"USER_ROLE_READONLY\"}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/UserManagementUpsertResponse'
+ /v1/user-management/{id}:
+ get:
+ tags:
+ - Manage users
+ summary: Retrieve a user by ID
+ description: Returns user information and permissions as a JSON object.
+ operationId: getUser
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/User'
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X GET "https://api.logz.io/v1/user-management/55555" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: "'
+ put:
+ tags:
+ - Manage users
+ summary: Update a user
+ description: Changes an existing user's details or permissions. If you run this endpoint with the token of the main account, then you can perform actions on the main account or any sub-account within the main account by providing the sub-account’s accountID. If you run this endpoint with the token of the sub-account, then you can perform actions only on the given sub-account.
+ operationId: updateUser
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/UserManagementUpsertRequest'
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 11300
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/user-management/12345" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: " -d "{ \"username\": \"drvenkman@gbusters.com\", \"fullName\": \"Peter Venkman\", \"accountID\": 13485, \"roles\": [ 2 ]}"'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ $ref: '#/definitions/UserManagementUpsertResponse'
+ delete:
+ tags:
+ - Manage users
+ summary: Delete a user
+ description: Revokes a user's access to the account. The API token determines the account the user will be deleted from. If you run this endpoint without the accountID, then you can perform actions on the account that belongs to the token you provided. If you run this endpoint with the accountID, then you will delete only the user from the given accountID. In this case you must run it with the token of the main account that the accountID belongs to.
+ operationId: deleteUser
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 11300
+ - name: accountId
+ in: query
+ required: false
+ type: integer
+ format: int32
+ description: Logz.io sub-account ID.
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X DELETE "https://api.logz.io/v1/user-management/11300" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ /v1/user-management/{id}/recursive:
+ delete:
+ tags:
+ - Manage users
+ summary: Delete a user from all accounts
+ description: >-
+ Deletes a user from the main account and all associated sub accounts. Must be run with an API token for the main account.
+
+
+ The user will not be deleted from accounts for which there are no other users. In other words, any accounts where the user is the last user will be skipped. The success message will list accounts that were skipped.
+ operationId: deleteUserRecursively
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 11300
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X DELETE "https://api.logz.io/v1/user-management/11300/recursive" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ /v1/user-management/suspend/{id}:
+ post:
+ tags:
+ - Manage users
+ summary: Suspend a user
+ description: Locks a user's access to your accounts
+ operationId: suspendUser
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 3325
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/user-management/suspend/11300" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ /v1/user-management/unsuspend/{id}:
+ post:
+ tags:
+ - Manage users
+ summary: Unsuspend a user
+ description: Restores a suspended user's access to your accounts
+ operationId: unsuspendUser
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 3325
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -compressed -X POST "https://api.logz.io/v1/user-management/unsuspend/11300" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+
+ /v1/user-management/{id}/suspend/recursive:
+ put:
+ tags:
+ - Manage users
+ summary: Suspend a user from all accounts
+ description: >-
+ Suspends a user from the main account and all associated sub accounts. Must be run with an API token for the main account.
+ The user will not be suspended from accounts for which there are no other users. In other words, any accounts where the user is the last user will be skipped. The success message will list accounts that were skipped.
+ operationId: suspendUserRecursively
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 11300
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/user-management/11300/suspend/recursive" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: "Finished suspending user 11300 from accounts."
+
+ /v1/user-management/{id}/unsuspend/recursive:
+ put:
+ tags:
+ - Manage users
+ summary: Unsuspend a user from all accounts
+ description: >-
+ Unsuspends a user from the main account and all associated sub accounts. Must be run with an API token for the main account.
+ operationId: unsuspendUserRecursively
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 11300
+ x-code-samples:
+ - lang: cURL
+ source: 'curl -X PUT "https://api.logz.io/v1/user-management/11300/suspend/recursive" -H "accept: application/json" -H "X-API-TOKEN: "'
+ responses:
+ 200:
+ description: successful operation
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: "Finished unsuspending user 11300 from accounts."
+
+
+ # ::::: CLOUD SIEM RULES
+ /v2/security/rules:
+ post:
+ tags:
+ - Security rules
+ summary: Create a security rule
+ description: Creates a new security rule and activates it.
+ operationId: createSecurityRule
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/RuleV2Request'
+ responses:
+ '201':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/RuleV2Response'
+ /v2/security/rules/{ruleId}:
+ get:
+ tags:
+ - Security rules
+ operationId: getSecurityRule
+ summary: Retrieve a security rule
+ description: Retrieves a security rule by its ID.
+ produces:
+ - application/json
+ parameters:
+ - name: ruleId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description:
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/SecurityRuleResponse'
+ headers: {}
+ put:
+ summary: Update a security rule
+ description: Applies changes to a rule, identified by its ID. Can also be used to enable or disable a rule.
+ tags:
+ - Security rules
+ operationId: updateSecurityRule
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/RuleV2Request'
+ - name: ruleId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/RuleV2Response'
+ delete:
+ summary: Delete a security rule
+ description: Deletes a security rule by its ID.
+ tags:
+ - Security rules
+ operationId: deleteSecurityRule
+ produces:
+ - application/json
+ parameters:
+ - name: ruleId
+ in: path
+ required: true
+ type: integer
+ format: int32
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/RuleV2Response'
+ headers: {}
+ /v2/security/rules/search:
+ post:
+ tags:
+ - Security rules
+ operationId: searchAccountSecurityRules
+ summary: Retrieve security rules
+ description: Retrieve a list of security rules for a specific Security account. The results are paginated. Filtering, sorting and pagination are all optional. If you want to get all rules, send the payload in `{}` format.
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/AlertsSearchRequest'
+
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PagedSearchResponseSecurityRuleResponse'
+
+ /v2/security/rules/{id}/enable:
+ post:
+ tags:
+ - Security rules
+ operationId: enableSecurityRule
+ summary: Enable a rule
+ description: Enables a security rule by its ID.
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ description: Rule ID
+ in: path
+ required: true
+ type: integer
+ format: int32
+ example: 305572
+ responses:
+ default:
+ description: successful operation
+
+ /v2/security/rules/{id}/disable:
+ post:
+ tags:
+ - Security rules
+ operationId: disableSecurityRule
+ summary: Disable a rule
+ description: Disables a security rule by its ID.
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ description: Rule ID
+ in: path
+ required: true
+ type: integer
+ format: int32
+ example: 305976
+ responses:
+ default:
+ description: successful operation
+
+
+ /v2/security/rules/bulk/update:
+ post:
+ tags:
+ - Security rules
+ operationId: bulkUpdateSecurityRule
+ summary: Bulk update security rules
+ description: Update security rules in bulk
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: true
+ schema:
+ type: object
+ properties:
+ filters:
+ type: object
+ properties:
+ search:
+ type: string
+ description: Search string
+ example: string
+ severities:
+ type: array
+ description: Filter by the severities of the security rules. You can manually test your results in the [UI](https://app.logz.io/#/dashboard/security/rules/rule-definitions?from=0&sortBy=updatedAt&sortOrder=DESC).
+ items:
+ type: string
+ example: SEVERE
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ updatedBy:
+ type: array
+ description: Email addresses of the last users to update the rules
+ items:
+ type: string
+ example: user@company.com
+ createdBy:
+ type: array
+ description: Email addresses of the users to create the rules
+ items:
+ type: string
+ example: user@company.com
+ enabledState:
+ type: list of booleans
+ description: true to include enabled rules, false to include disabled rules. An empty list defaults to both enabled and disabled rules.
+ emailNotifications:
+ type: array
+ description: List of email addresses on the recipients list to receive notifications when the rules trigger.
+ items:
+ type: string
+ example: string
+ notificationsEndpointIds:
+ type: array
+ description: Notification endpoints
+ items:
+ type: integer
+ format: int32
+ example: 0
+ tags:
+ type: array
+ description: Tags are labels used to organize security rules.
+ example: threat
+ items:
+ type: object
+ example: { network_threat, recon}
+ ruleIds:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ fields:
+ type: object
+ properties:
+ enabled:
+ description: Whether felds are enabled.
+ type: boolean
+ recipients:
+ type: object
+ description: Recepients.
+ properties:
+ recipientsOperation:
+ description: Recepients operation.
+ type: string
+ example: ADD
+ recipients:
+ type: object
+ description: Recepients.
+ properties:
+ emails:
+ type: array
+ description: Email addresses of the recepients.
+ items:
+ type: string
+ example: string
+ notificationEndpointIds:
+ type: array
+ description: Notification endpoints.
+ items:
+ type: integer
+ format: int32
+ example: 0
+ all:
+ type: boolean
+
+ responses:
+ default:
+ description: successful operation
+
+ /v2/security/rules/bulk/delete:
+ post:
+ tags:
+ - Security rules
+ operationId: bulkDeleteSecurityRule
+ summary: Bulk delete security rules
+ description: Delete security rules in bulk
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: true
+ schema:
+ type: object
+ properties:
+ filters:
+ type: object
+ properties:
+ search:
+ type: string
+ description: Search string
+ example: string
+ severities:
+ type: array
+ description: Filter by the severities of the security rules. You can manually test your results in the [UI](https://app.logz.io/#/dashboard/security/rules/rule-definitions?from=0&sortBy=updatedAt&sortOrder=DESC).
+ items:
+ type: string
+ example: SEVERE
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ updatedBy:
+ type: array
+ description: Email addresses of the last users to update the rules
+ items:
+ type: string
+ example: user@company.com
+ createdBy:
+ type: array
+ description: Email addresses of the users to create the rules
+ items:
+ type: string
+ example: user@company.com
+ enabledState:
+ type: list of booleans
+ description: true to include enabled rules, false to include disabled rules. An empty list defaults to both enabled and disabled rules.
+ emailNotifications:
+ type: array
+ description: List of email addresses on the recipients list to receive notifications when the rules trigger.
+ items:
+ type: string
+ example: string
+ notificationsEndpointIds:
+ type: array
+ description: Notification endpoints
+ items:
+ type: integer
+ format: int32
+ example: 0
+ tags:
+ type: array
+ description: Tags are labels used to organize security rules.
+ example: threat
+ items:
+ type: object
+ example: { network_threat, recon}
+ ruleIds:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 0
+ fields:
+ type: object
+ properties:
+ enabled:
+ description: Whether felds are enabled.
+ type: boolean
+ recipients:
+ type: object
+ description: Recepients.
+ properties:
+ recipientsOperation:
+ description: Recepients operation.
+ type: string
+ example: ADD
+ recipients:
+ type: object
+ description: Recepients.
+ properties:
+ emails:
+ type: array
+ description: Email addresses of the recepients.
+ items:
+ type: string
+ example: string
+ notificationEndpointIds:
+ type: array
+ description: Notification endpoints.
+ items:
+ type: integer
+ format: int32
+ example: 0
+ all:
+ type: boolean
+
+ responses:
+ default:
+ description: successful operation
+
+
+ # ::::: SECURITY EVENTS
+ /v2/security/rules/events/search:
+ post:
+ summary: Fetch security events
+ description: >-
+ Runs a search query in your Logz.io Cloud SIEM account to fetch the security events that match the query parameters.
+
+
+ You have the option to filter by rule name, rule severity, and/or event timestamp, and sort the results by time and/or severity, but this is not required. If you send the query with an empty JSON body, it returns all of the events logged in your Logz.io Cloud SIEM, going as far back as your account's retention permits.
+
+
+ **Note:** Run this endpoint with an API token for your Logz.io Security account.
+ tags:
+ - Security events
+ operationId: searchSecurityRulesEvents
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/AlertsEventsSearchRequest'
+
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X POST 'https://api.logz.io/v2/security/rules/events/search' \
+ -H 'X-API-TOKEN: \
+ -H 'Content-Type: application/json' \
+ --data-raw '{
+ "filter": {
+ "searchTerm": "Falco",
+ "severities": [
+ "SEVERE"
+ ],
+ "timeRange": {
+ "fromDate": 1587134557,
+ "toDate": 1587137557
+ }
+ "includeMutedEvents": false
+ },
+
+ "sort": [
+ {
+ "field": "SEVERITY"
+ },
+ {
+ "field": "DATE"
+ }
+ ],
+ "pagination": {
+ "pageNumber": 1,
+ "pageSize": 25
+ }
+ }'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PagedSearchResponseTriggeredResponse'
+ headers: {}
+
+ # ::::: SECURITY ACCOUNT
+ /v2/account-management/siem:
+ post:
+ summary: Create SIEM account
+ description: Creates a new SIEM account. Returns SIEM account configuration settings as a JSON object. Must be run with an API token from the your main Logs account *Logs > Settings > Manage tokens > API tokens*.
+ tags:
+ - Security account
+ operationId: postSIEM
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ type: object
+ required:
+ - accountName
+ - email
+ properties:
+ accountName:
+ type: string
+ required: true
+ description: SIEM account name
+ accountsToScan:
+ type: array
+ description: IDs of accounts that will be accessed for logs. The owner account will be the default account to scan.
+ items:
+ type: integer
+ email:
+ type: string
+ required: true
+ description: Email address of the SIEM account.
+ isUsingRepositoryAccount:
+ type: boolean
+ description: Describes if the account uses a Repository Account. For more information, see our [User Guide]( https://docs.logz.io/user-guide/accounts/shared_repository.html).
+ responses:
+ 200:
+ description: successful query
+ schema:
+ type: object
+ properties:
+ accountId:
+ type: integer
+ description: Account ID.
+ accountName:
+ type: string
+ required: true
+ description: SIEM account name
+ accountsToScan:
+ type: array
+ description: Accounts included into the query
+ items:
+ type: integer
+ createdAt:
+ type: string
+ format: date-time
+ description: >-
+ Date this account was created.
+ Format: `{yyyy}-{mm}-{dd}T{hh}:{mm}:{ss}Z`
+ example: 2018-04-01T19:18:38Z
+ isUsingRepositoryAccount:
+ type: boolean
+ description: Describes if the account uses a Repository Account. For more information, see our [User Guide]( https://docs.logz.io/user-guide/accounts/shared_repository.html).
+
+
+
+
+ /v2/security/rules/events/logs/search:
+ post:
+ summary: Fetch the logs that triggered a security event
+ description: >-
+ Runs a search query in your Logz.io Log Monitoring account to fetch the logs that triggered the security rule and caused it to log a security event.
+
+
+ This query returns an array of parsed logs linked to a single event - it isn't a bulk action. Run this query to investigate an event and increase observability into details omitted from the security event log.
+
+
+ **Note:** Run this endpoint with an API token for your Logz.io Security account.
+ tags:
+ - Security events
+ operationId: searchSecurityRuleEventLogs
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/AlertEventLogsSearchRequest'
+ x-code-samples:
+ - lang: cURL
+ source: >-
+ curl -L -X POST 'https://api.logz.io/v2/security/rules/events/logs/search' \
+ -H 'X-API-TOKEN: \
+ -H 'Content-Type: application/json' \
+ --data-raw '{
+ "filter": {
+ "alertEventId": "2582e212-2ccf-5550-b253-785aa3a5468f"
+ },
+ "pagination": {
+ "pageNumber": 1,
+ "pageSize": 10
+ }
+ }'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PagedSearchResponseMapStringObject'
+ headers: {}
+
+ # ::::: DROP FILTERS
+ /v1/drop-filters/search:
+ post:
+ summary: Retrieve drop filters
+ description: Returns all drop filters configured for the account, both active and inactive.
+ tags:
+ - Drop filters
+ operationId: getAllForAccount
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/LogsDropFiltersPipelineDefinition'
+ headers: {}
+
+ /v1/drop-filters/{id}/activate:
+ post:
+ summary: Activate a drop filter
+ description: Activates a drop filter identified by its ID.
+ tags:
+ - Drop filters
+ operationId: activate
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: string
+ description: Drop filter ID in the Logz.io database. You can run the `/v1/drop-filters/search` endpoint to retrieve the IDs of all the drop filters in the account.
+ example: d0d000ce-e63b-595b-a8f9-25032776cd28
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LogsDropFiltersPipelineDefinition'
+ headers: {}
+ /v1/drop-filters/{id}/deactivate:
+ post:
+ summary: Deactivate a drop filter
+ description: Deactivates a drop filter identified by its ID.
+ tags:
+ - Drop filters
+ operationId: deactivate
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: string
+ description: Drop filter ID in the Logz.io database. You can run the `/v1/drop-filters/search` endpoint to retrieve the IDs of all the drop filters in the account.
+ example: d0d000ce-e63b-595b-a8f9-25032776cd28
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LogsDropFiltersPipelineDefinition'
+ headers: {}
+ /v1/drop-filters/{id}:
+ delete:
+ summary: Delete a drop filter
+ description: Deletes a drop filter identified by its ID.
+ tags:
+ - Drop filters
+ operationId: delete
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: string
+ description: Drop filter ID in the Logz.io database. You can run the `/v1/drop-filters/search` endpoint to retrieve the IDs of all the drop filters in the account.
+ example: d0d000ce-e63b-595b-a8f9-25032776cd28
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LogsDropFiltersPipelineDefinition'
+ headers: {}
+ /v1/drop-filters:
+ post:
+ summary: Create drop filter
+ description: Creates and activates a new drop filter.
+ tags:
+ - Drop filters
+ operationId: create
+ consumes:
+ - application/json
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/DropFiltersCreateRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LogsDropFiltersPipelineDefinition'
+ headers: {}
+
+ # ::::: SIEM LOOKUPS
+ /v1/lookup-lists:
+ post:
+ summary: Create lookup list
+ description: Creates a new lookup list. After you create the list, you can run the endpoint to add elements to the list.
+ tags:
+ - Lookup lists
+ operationId: createLookupList
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/LookupListCreateRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupList'
+ headers: {}
+
+ /v1/lookup-lists/search:
+ post:
+ summary: Get all/Search lookup lists
+ description: Searches for lookup lists by name or ID. Can also be run without a filter to return the full list of existing lookups. Returns a paginated list of results.
+ tags:
+ - Lookup lists
+ operationId: searchLookupLists
+ produces:
+ - application/json
+ parameters:
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/LookupListsSearchRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PagedSearchResponseLookupList'
+ headers: {}
+ /v1/lookup-lists/{id}:
+ get:
+ summary: Get lookup by ID
+ description: Retrieves the general details for an existing lookup list.
+ tags:
+ - Lookup lists
+ operationId: getLookupList
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupList'
+ headers: {}
+ put:
+ summary: Update lookup list
+ description: Update the name and/or description of an exisiting lookup list.
+ tags:
+ - Lookup lists
+ operationId: updateLookupList
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/LookupList'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupList'
+ headers: {}
+ delete:
+ summary: Delete lookup list
+ description: Deletes a lookup list. Note that this action can affect rules, dashboards, and reports if they are dependent on the lookup list.
+ tags:
+ - Lookup lists
+ operationId: deleteLookupList
+ produces:
+ - application/json
+ parameters:
+ - name: id
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupList'
+ headers: {}
+
+ /v1/lookup-lists/{lookupListId}/elements:
+ post:
+ summary: Add element to a lookup list
+ description: Adds a new element to an existing lookup list. An element is a field value and comment (helpful description that does not affect the lookup functionally).
+ tags:
+ - Lookup lists
+ operationId: createLookupListElement
+ produces:
+ - application/json
+ parameters:
+ - name: lookupListId
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/LookupListElementCreateRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupListElement'
+ headers: {}
+ /v1/lookup-lists/{lookupListId}/elements/search:
+ post:
+ summary: Get all/Search lookup elements
+ description: Searches elements in a specified lookup list. Can also be run without a filter to return the full list of elements. Returns a paginated list of results.
+ tags:
+ - Lookup lists
+ operationId: searchLookupListElements
+ produces:
+ - application/json
+ parameters:
+ - name: lookupListId
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - in: body
+ name: body
+ required: false
+ schema:
+ $ref: '#/definitions/LookupListElementsSearchRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/PagedSearchResponseLookupListElement'
+ headers: {}
+
+ /v1/lookup-lists/{lookupListId}/elements/{id}:
+ get:
+ summary: Get element
+ description: Retrieves a specific lookup element by its ID.
+ tags:
+ - Lookup lists
+ operationId: getLookupListElement
+ produces:
+ - application/json
+ parameters:
+ - name: lookupListId
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of a specific value element contained in the lookup list.
+ example: 20
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupListElement'
+ headers: {}
+ put:
+ summary: Update element
+ description: Changes the value and/or comment of a specific element, identified by its ID.
+ tags:
+ - Lookup lists
+ operationId: updateLookupListElement
+ produces:
+ - application/json
+ parameters:
+ - name: lookupListId
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of a specific value element contained in the lookup list.
+ example: 20
+ - in: body
+ name: body
+ required: true
+ schema:
+ $ref: '#/definitions/LookupListElement'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupListElement'
+ headers: {}
+ delete:
+ summary: Delete element
+ description: Deletes a specific lookup element, identified by its ID.
+ tags:
+ - Lookup lists
+ operationId: deleteLookupListElement
+ produces:
+ - application/json
+ parameters:
+ - name: lookupListId
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - name: id
+ in: path
+ required: true
+ type: integer
+ format: int32
+ description: ID of a specific value element contained in the lookup list.
+ example: 20
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupListElement'
+ headers: {}
+
+ /v1/lookup-lists/{lookupListId}/elements/bulk-add:
+ post:
+ tags:
+ - Lookup lists
+ operationId: addLookupListElements
+ summary: Add elements in bulk
+ description: Adds an array of elements to an existing Lookup list and sets the expiration date for the lookup.
+ produces:
+ - application/json
+ parameters:
+ - name: defaultTTL
+ in: query
+ required: false
+ type: integer
+ format: int64
+ description: Optional. The expiration date and time of the lookup list as UNIX epoch milliseconds. When this parameter is left empty, the lookup list does not expire.
+ - name: lookupListId
+ in: path
+ required: true
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ - in: body
+ name: body
+ required: true
+ schema:
+ type: array
+ items:
+ $ref: '#/definitions/LookupListElementCreateRequest'
+ responses:
+ '200':
+ description: successful operation
+ schema:
+ $ref: '#/definitions/LookupListElementBulkResponse'
+ headers: {}
+
+
+definitions:
+ # ::::: SIEM LOOKUPS
+ PagedSearchResponseLookupListElement:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ description: Total number of search results. The results are relvent elements contained in the lookup list.
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/LookupListElement'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ LookupListElement:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the element in the Lookup list.
+ value:
+ type: string
+ minLength: 1
+ maxLength: 80
+ description: A single field value. You should ensure that the lookup list contains a list of values all mapped to the same field.
+ example: 54.53.1.1
+ comment:
+ type: string
+ description: Optional. A place to add a note or additional details about the value. For example, if the value is an IP address, the comment can identify the server.
+ maxLength: 200
+ example: ABC Server
+ expirationDate:
+ type: integer
+ format: int64
+ description: Optional. The expiration date and time of the lookup list as UNIX epoch milliseconds. When this parameter is left empty, the lookup list does not expire.
+ LookupListElementCreateRequest:
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ type: string
+ minLength: 1
+ maxLength: 80
+ description: A single field value.
+ example: 54.53.1.1
+ comment:
+ type: string
+ minLength: 0
+ maxLength: 200
+ description: Optional. A place to add a note or additional details about the value. For example, if the value is an IP address, the comment can identify the server.
+ example: ABC Server
+ expirationDate:
+ type: integer
+ format: int64
+ description: Optional. The expiration date and time of the lookup list as UNIX epoch milliseconds. When this parameter is left empty, the lookup list does not expire.
+ LookupList:
+ type: object
+ summary: General indentifiers for the lookup - its ID, name, and description.
+ properties:
+ id:
+ type: string
+ description: GUID of the lookup list.
+ example: 7c985e09-3db6-5dc6-ae33-58403493e13f
+ name:
+ type: string
+ minLength: 1
+ maxLength: 40
+ description: Name of the lookup list.
+ description:
+ type: string
+ minLength: 0
+ maxLength: 400
+ description: Description of the lookup list.
+ LookupListCreateRequest:
+ type: object
+ properties:
+ name:
+ type: string
+ minLength: 0
+ maxLength: 40
+ description: Name of the lookup list. If null, the list will be named `Untitled` followed by the running number.
+ default: Untitled##
+ description:
+ type: string
+ minLength: 0
+ maxLength: 400
+ description: A place to add a free text description of the lookup list's purpose, uses and dependencies.
+ PagedSearchResponseLookupList:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ description: Total number of search results.
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/LookupList'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ LookupListsFilter:
+ type: object
+ description: Filter by names that contain a term, by lookup ID, or by both. If both properties are sent, they must both be satsified (`AND` logic).
+ properties:
+ searchTerm:
+ type: string
+ description: Filters for lookup names that contains the search term.
+ example: servers
+ byIds:
+ type: array
+ description: List of lookup IDs.
+ items:
+ type: string
+ LookupListsSearchRequest:
+ type: object
+ properties:
+ filter:
+ $ref: '#/definitions/LookupListsFilter'
+ pagination:
+ $ref: '#/definitions/Pagination'
+
+ LookupListElementsFilter:
+ type: object
+ description: Filter for elements by value, element ID, or by comments that contain a search term. If multiple properties are sent, they must all be satisfied (`AND` logic).
+ properties:
+ searchTerm:
+ type: string
+ description: Filters for values or comments that contain the search term.
+ example: server
+ byIds:
+ type: array
+ description: Filters by element IDs.
+ items:
+ type: integer
+ format: int32
+ byValues:
+ type: array
+ description: Filters by exact value. (Looks for elements that match any one of the values in the array.)
+ items:
+ type: string
+ LookupListElementsSearchRequest:
+ type: object
+ properties:
+ filter:
+ $ref: '#/definitions/LookupListElementsFilter'
+ pagination:
+ $ref: '#/definitions/Pagination'
+
+ LookupListElementBulkResponse:
+ type: object
+ properties:
+ status:
+ type: string
+ enum:
+ - SUCCESS
+ - PARTIAL_FAILED
+ - FAILED
+ description: Returns the status of the request.
+ example: SUCCESS
+ numOfAddedElements:
+ type: integer
+ format: int32
+ description: Total number of new elements added to the Lookup list.
+ example: 32
+ numOfMergedElements:
+ type: integer
+ format: int32
+ description: Total number of elements merged with duplicate values in the existing list. (In other words, the number of existing elements that were updated by the request.)
+ example: 42
+
+
+
+ # ::::: ACCOUNTS DEFINITIONS
+ WhoAmIV2Response:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Name of the account
+ example: Jean Valjean
+ accountId:
+ type: integer
+ description: ID of the account
+ format: int32
+ example: 24601
+ AccountUtilizationSettings:
+ type: object
+ description: Settings for logging metrics on your account utilization, such as used and expected data volume at current indexing rate.
+ properties:
+ frequencyMinutes:
+ type: integer
+ format: int32
+ description: How often utilization metrics are written to logs, in minutes
+ example: 5
+ utilizationEnabled:
+ type: boolean
+ description: If utilization metrics are written to logs, `true`. Otherwise, `false`.
+ example: true
+ AccountView:
+ type: object
+ properties:
+ accountId:
+ type: integer
+ format: int32
+ accountName:
+ type: string
+ accountToken:
+ type: string
+ active:
+ type: boolean
+ esIndexPrefix:
+ description: Prefix of the Elasticsearch Index used to index the data.
+ type: string
+ isFlexible:
+ type: boolean
+ default: false
+ description: >-
+ Indicates whether the plan has **shared volume** enabled.
+
+
+ If `true`, the volume of data that the account can index per calendar day is determined by 2 parameters: `reservedDailyGB` (Required) and `maxDailyGB` (Optional, can be null).
+
+
+ If `false`, the volume of data that the account can index per calendar day is determined only by `maxDailyGB`. The parameter `reservedDailyGB` does not apply.
+ example: true
+ reservedDailyGB:
+ type: number
+ format: float
+ description: >-
+ * If `isFlexible=false`, this field does not apply.
+
+
+ * If `isFlexible=true`, this determines the daily volume in GB reserved for the account. This capacity is guaranteed and cannot be used by any other accounts.
+ example: 3
+ maxDailyGB:
+ type: number
+ format: float
+ description: >-
+ The maximum volume of data that an account can index per calendar day.
+
+
+ * If `isFlexible=false` this is the only capacity reserved for use by the account. Cannot be null.
+
+
+ * If `isFlexible=true` this is used to limit the account's access to shared volume. Once the data shipped to the account exceeds the account's reserved capacity, the account can continue to index data up to its `maxDailyGB`, as long as shared volume is available.
+
+
+ * If null (and `isFlexible=true`), the account is uncapped and can continue to index data as long as shared volume is available.
+ example: 5
+ retentionDays:
+ type: integer
+ format: int32
+ description: How long log data is stored and searchable in Kibana, in days.
+ DailyUsagesList:
+ type: object
+ properties:
+ usage:
+ type: array
+ items:
+ $ref: '#/definitions/LHDailyCount'
+ TimeBasedAccountUpdateRequest:
+ type: object
+ required:
+ - accountName
+ - sharingObjectsAccounts
+ properties:
+ accountName:
+ type: string
+ description: Name of the account
+ example: AWS Lambda svr 3
+ reservedDailyGB:
+ type: number
+ format: float
+ default: null
+ description: >-
+ * If `isFlexible=false`, this field does not apply. Leave it null.
+
+
+ * If `isFlexible=true`, this parameter is required. It determines the volume that is reserved for the account.
+ example: 3
+ maxDailyGB:
+ type: number
+ format: float
+ description: >-
+ The maximum volume of data that an account can index per calendar day.
+
+
+ * If `isFlexible=false` this parameter can only be used to update a sub account, but not a main account. It determines the only capacity reserved for use by the account. It cannot be null.
+
+
+ * If `isFlexible=true` this is used to limit the account's access to shared volume. Once the data shipped to the account exceeds the account's reserved capacity, the account can continue to index data up to its `maxDailyGB`, as long as shared volume is available.
+
+
+ * If null (and `isFlexible=true`), the account is uncapped and can continue to index data as long as shared volume is available.
+ example: 5
+ retentionDays:
+ type: integer
+ format: int32
+ description: This is how long log data is stored and searchable in Kibana, in days.
+ minimum: 1
+ example: 5
+ searchable:
+ $ref: "#/definitions/Searchable"
+ accessible:
+ $ref: "#/definitions/Accessible"
+ sharingObjectsAccounts:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 88888
+ description: IDs of accounts that can access this account's data. The array is required, but can be empty.
+ docSizeSetting:
+ $ref: '#/definitions/DocSizeSetting'
+ utilizationSettings:
+ $ref: '#/definitions/AccountUtilizationSettings'
+
+ DetailedTimeBasedAccount:
+ type: object
+ properties:
+ subAccountRelation:
+ $ref: '#/definitions/SubAccountRelation'
+ account:
+ $ref: '#/definitions/AccountView'
+ sharingObjectsAccounts:
+ type: array
+ items:
+ $ref: '#/definitions/AccountView'
+ utilizationSettings:
+ $ref: '#/definitions/AccountUtilizationSettings'
+ dailyUsagesList:
+ $ref: '#/definitions/DailyUsagesList'
+ docSizeSetting:
+ $ref: '#/definitions/DocSizeSetting'
+ LHDailyCount:
+ type: object
+ properties:
+ date:
+ type: integer
+ format: int64
+ bytes:
+ type: integer
+ format: int64
+ TimeBasedAccountCreateRequest:
+ type: object
+ required:
+ - accountName
+ - email
+ - sharingObjectsAccounts
+ - retentionDays
+ properties:
+ email:
+ type: string
+ pattern: "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*(\\.[A-Za-z]{2,})$"
+ description: Account administrator's email address
+ example: help@logz.io
+ accountName:
+ type: string
+ description: Name of the account
+ example: AWS Lambda svr 3
+ isFlexible:
+ type: boolean
+ default: false
+ reservedDailyGB:
+ type: number
+ format: float
+ default: null
+ description: >-
+ * If `isFlexible=false`, don't send this field or send it null.
+
+
+ * If `isFlexible=true`, this parameter is required. It determines the volume that is reserved for the account.
+ example: 3
+ maxDailyGB:
+ type: number
+ format: float
+ description: >-
+ The maximum volume of data that an account can index per calendar day.
+
+
+ * If `isFlexible=false` this is the only capacity reserved for use by the account. Cannot be null.
+
+
+ * If `isFlexible=true` this is used to limit the account's access to shared volume. Once the data shipped to the account exceeds the account's reserved capacity, the account can continue to index data up to its `maxDailyGB`, as long as shared volume is available.
+
+
+ * If null (and `isFlexible=true`), the account is uncapped and can continue to index data as long as shared volume is available.
+ example: 5
+ retentionDays:
+ type: integer
+ format: int32
+ description: How long log data is stored and searchable in Kibana, in days.
+ minimum: 1
+ example: 5
+ searchable:
+ $ref: "#/definitions/Searchable"
+ accessible:
+ $ref: "#/definitions/Accessible"
+ sharingObjectsAccounts:
+ type: array
+ items:
+ type: integer
+ format: int32
+ example: 88888
+ description: IDs of accounts that can access this account's data. The array is required, but can be empty.
+ docSizeSetting:
+ $ref: '#/definitions/DocSizeSetting'
+ utilizationSettings:
+ $ref: '#/definitions/AccountUtilizationSettings'
+
+ SharingAccount:
+ type: object
+ properties:
+ accountId:
+ type: integer
+ format: int32
+ description: ID of the account
+ example: 88888
+ accountName:
+ type: string
+ description: Name of the account
+ example: dev group 8
+ SubAccountRelation:
+ type: object
+ description: Properties of the sub accounts related to this main account
+ properties:
+ ownerAccountId:
+ type: integer
+ format: int32
+ description: ID of the main account
+ example: 88765
+ subAccountId:
+ type: integer
+ format: int32
+ description: ID of the sub account
+ example: 89234
+ searchable:
+ $ref: "#/definitions/Searchable"
+ accessible:
+ $ref: "#/definitions/Accessible"
+ createdDate:
+ type: integer
+ format: int64
+ description: >-
+ Date this account was created.
+ example: 1627489797000
+ lastUpdatedDate:
+ type: integer
+ format: int64
+ description: >-
+ Date this account was last updated.
+ example: 1627489797000
+ lastUpdaterUserId:
+ type: integer
+ format: int32
+ description: ID of the user who last updated this account
+ example: 33342
+ type:
+ type: string
+ enum:
+ - OWNER_ACCOUNT
+ - SUB_ACCOUNT
+ - TIMELESS_INDEX
+ - ALL
+ description: Account type
+ example: SUB_ACCOUNT
+ TimeBasedAccount:
+ type: object
+ properties:
+ accountId:
+ type: integer
+ format: int32
+ description: ID of the account
+ example: 99999
+ email:
+ type: null
+ nullable: true
+ description: Email address of the user who created the account
+ example: null
+ accountName:
+ type: string
+ description: Name of the account
+ example: 404 errors
+ isFlexible:
+ type: boolean
+ default: false
+ description: >-
+ Indicates whether the plan has **shared volume** enabled.
+
+
+ If `true`, the volume of data that the account can index per calendar day is determined by 2 parameters: `reservedDailyGB` (Required) and `maxDailyGB` (Optional, can be null).
+
+
+ If `false`, the volume of data that the account can index per calendar day is determined only by `maxDailyGB`. The parameter `reservedDailyGB` does not apply and should be null.
+ example: true
+ reservedDailyGB:
+ type: number
+ format: float
+ default: null
+ description: >-
+ * If `isFlexible=false`, this field does not apply and will be null.
+
+ * If `isFlexible=true`, this determines the daily volume in GBs that is reserved for the account, given as an integer.
+ maxDailyGB:
+ type: number
+ format: float
+ description: >-
+ The maximum volume of data that an account can index per calendar day.
+
+
+ * If `isFlexible=false` this is the only capacity reserved for use by the account. Cannot be null.
+
+
+ * If `isFlexible=true` this is used to limit the account's access to shared volume. Once the data shipped to the account exceeds the account's reserved capacity, the account can continue to index data up to its `maxDailyGB`, as long as shared volume is available.
+
+
+ * If null (and `isFlexible=true`), the account is uncapped and can continue to index data as long as shared volume is available.
+ example: 5
+ retentionDays:
+ type: integer
+ format: int32
+ description: How long log data is retained in the Elasticsearch Index and searchable in Kibana, in days.
+ example: 5
+ searchable:
+ $ref: "#/definitions/Searchable"
+ accessible:
+ $ref: "#/definitions/Accessible"
+ docSizeSetting:
+ $ref: '#/definitions/DocSizeSetting'
+ sharingObjectsAccounts:
+ type: array
+ items:
+ $ref: '#/definitions/SharingAccount'
+ description: Accounts that have permissions to access this account's Kibana objects.
+ utilizationSettings:
+ $ref: '#/definitions/AccountUtilizationSettings'
+ isCapped:
+ type: boolean
+ default: false
+ description: >-
+ * If `isFlexible=false`, this field does not apply and will be `false`.
+
+
+ * If `isFlexible=true`, this field determines whether the account is capped by GB. If the account is capped, `true`.
+ example: false
+ totalTimeBasedDailyGB:
+ type: number
+ format: float
+ description: >-
+ * If `isFlexible=false`, this field does not apply and will be `null`.
+
+
+ * If `isFlexible=true`, this determines the account plan volume in GB.
+ example: 5.0
+ sharedGB:
+ type: number
+ format: float
+ description: >-
+ * If `isFlexible=false`, this field does not apply and will be `null`.
+
+
+ * If `isFlexible=true`, this determines the shareable volume in GB.
+ example: 5.0
+ isOwner:
+ type: boolean
+ default: false
+ description: If the account is an owner account, `true`. Otherwise, `false`.
+ example: false
+ TimeBasedAccountCreationResponse:
+ type: object
+ properties:
+ accountId:
+ type: integer
+ format: int32
+ description: ID of the account
+ example: 99999
+ Searchable:
+ type: boolean
+ description: If other accounts can search this account's logs, `true`. Otherwise, `false`.
+ default: false
+ example: true
+ Accessible:
+ type: boolean
+ description: If users of the main account can access this account, `true`. Otherwise, `false`.
+ default: false
+ example: false
+ DocSizeSetting:
+ type: boolean
+ description: Adds a LogSize field to each log to record the size in bytes, to better manage the account utilization.
+ default: false
+ example: true
+
+
+
+ # ::::: CLOUD SIEM DEFINITIONS
+ AlertEventLogsSearchRequest:
+ type: object
+ required:
+ - filter
+ properties:
+ filter:
+ $ref: '#/definitions/RuleEventLogsFilter'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ RuleEventLogsFilter:
+ type: object
+ description: Filter by the event's unique GUID to retrieve only the logs relevant to the event under investigation.
+ required:
+ - alertEventId
+ properties:
+ alertEventId:
+ type: string
+ description: Unique GUID of the security event in Logz.io Cloud SIEM. The GUID is returned in the results when querying to fetch security events or by inspecting an event log in the [UI](https://app.logz.io/#/dashboard/security/research/discover?) under the field `logzio-alert-event-id`.
+ example: 833203f9-de71-5a12-9083-9055a6d925bb
+ Pagination:
+ type: object
+ description: Default pagination is a page of 25 results. Look for the `total` field in the response for the number of available results overall, and use the pagination function to page through the results.
+ properties:
+ pageNumber:
+ type: integer
+ format: int32
+ description: If you overshoot the page number, it will return empty with no results, but it won't fail the request.
+ default: 1
+ example: 2
+ pageSize:
+ type: integer
+ format: int32
+ description: Controls the number of results per page. Valid inputs are 1 to 1000.
+ maximum: 1000
+ default: 25
+ example: 100
+ PagedSearchResponseMapStringObject:
+ type: object
+ properties:
+ total:
+ description: Returns the total number of logs linked to the security event specified in the query. This number is fixed and not affected by pagination.
+ type: integer
+ format: int32
+ example: 5
+ results:
+ type: array
+ description: >-
+ Array of logs returned in answer to the query. The logs are returned in their entirety and parsed.
+
+
+ If the logs are no longer retained in the database, the request will return empty. You can check your account's log retention policy in your [log monitoring account](https://app.logz.io/#/dashboard/settings/usage-and-billing).
+ items:
+ type: object
+ example: {Array of logs}
+ #additionalProperties:
+ # type: object
+ pagination:
+ $ref: '#/definitions/Pagination'
+ PagedSearchResponseTriggeredAlert:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ description: The total number of events returned by the query. The total entities found after filtering and sorting. This number is fixed and not affected by pagination.
+ example: 500
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/TriggeredAlert'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ PagedSearchResponseTriggeredResponse:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ description: The total number of events returned by the rule search query. The total entities found after filtering and sorting. This number is fixed and not affected by pagination.
+ example: 500
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/TriggeredRule'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ TriggeredAlert:
+ type: object
+ properties:
+ alertId:
+ type: integer
+ format: int32
+ description: Unique identifier of the security rule in Logz.io Cloud SIEM. Equivalent to the log field `logzio-alert-definition-id`
+ example: 453345
+ name:
+ type: string
+ description: Name of the security rule in Logz.io Cloud SIEM
+ example: AWS EC2 - Brute force SSH login attempts
+ description:
+ type: string
+ description: Typically an explanation of the security rule's logic and suggested next steps
+ example: Suggested next steps...
+ alertSummary:
+ type: string
+ description: Equivalent to the `condition` field in the rule
+ example: Alert if query '*' results GREATER_THAN_OR_EQUALS 5.00 in 10 minutes. Count on Group By '[userIdentity.userName, sourceIPAddress]'
+ eventDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in seconds showing when the rule's conditions were met and the event was triggered
+ example: 1587860455
+ alertWindowStartDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in seconds of the earliest log that triggered the rule to log an event. It usually takes several logs under certain conditions to trigger a security rule.
+ example: 1587856855
+ alertWindowEndDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in seconds of the latest log that triggered the rule to log an event. It usually takes several logs under certain conditions to trigger a security rule.
+ example: 1587860455
+ severity:
+ type: string
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ description: Severity of the security event as determined by the security rule's definition
+ example: SEVERE
+ alertEventId:
+ type: string
+ description: Unique identifier of the security event in Logz.io Cloud SIEM. Equivalent to the log field `logzio-alert-event-id`
+ example: 27cdcf45-ae12-581a-809e-17a6bbc9ae07
+ groupBy:
+ type: object
+ description: A map object. Array of field:value pairs (key-value pairs) used by the security rule to aggregate results. Security rules can apply `groupBy` conditions to aggregate results by up to 3 fields. The fields differ rule by rule.
+ example: {"source_ip": "122.17.45.15", "hostname":"hostname1234" }
+ #additionalProperties:
+ # type: map
+ # maximum: 3
+ # description: The fields differ by rule. There can be 1-3 fields.
+ tags:
+ type: array
+ description: Tags are labels used to organize security rules.
+ example: threat
+ items:
+ type: object
+ example: { network_threat, recon}
+ hits:
+ type: integer
+ format: int32
+ description: Hits represent the number of logs that triggered the security rule before being aggregated by the `groupBy` condition.
+ example: 30
+ isMuted:
+ type: boolean
+ description: Describes whether a specific returned alert event is muted.
+ example: true
+ TriggeredRule:
+ type: object
+ properties:
+ alertId:
+ type: integer
+ format: int32
+ description: Unique identifier of the security rule in Logz.io Cloud SIEM. Equivalent to the log field `logzio-alert-definition-id`
+ example: 453345
+ name:
+ type: string
+ description: Name of the security rule in Logz.io Cloud SIEM
+ example: AWS EC2 - Brute force SSH login attempts
+ description:
+ type: string
+ description: Typically an explanation of the security rule's logic and suggested next steps
+ example: Suggested next steps...
+ alertSummary:
+ type: string
+ description: Equivalent to the `condition` field in the rule
+ example: Alert if query '*' results GREATER_THAN_OR_EQUALS 5.00 in 10 minutes. Count on Group By '[userIdentity.userName, sourceIPAddress]'
+ eventDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in seconds showing when the rule's conditions were met and the event was triggered
+ example: 1587860455
+ alertWindowStartDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in seconds of the earliest log that triggered the rule to log an event. It usually takes several logs under certain conditions to trigger a security rule.
+ example: 1587856855
+ alertWindowEndDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in seconds of the latest log that triggered the rule to log an event. It usually takes several logs under certain conditions to trigger a security rule.
+ example: 1587860455
+ severity:
+ type: string
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ description: Severity of the security event as determined by the security rule's definition
+ example: SEVERE
+ alertEventId:
+ type: string
+ description: Unique identifier of the security event in Logz.io Cloud SIEM. Equivalent to the log field `logzio-alert-event-id`
+ example: 27cdcf45-ae12-581a-809e-17a6bbc9ae07
+ groupBy:
+ type: object
+ description: A map object. Array of field:value pairs (key-value pairs) used by the security rule to aggregate results. Security rules can apply `groupBy` conditions to aggregate results by up to 3 fields. The fields differ rule by rule.
+ example: {"source_ip": "122.17.45.15", "hostname":"hostname1234" }
+ #additionalProperties:
+ # type: map
+ # maximum: 3
+ # description: The fields differ by rule. There can be 1-3 fields.
+ tags:
+ type: array
+ description: Tags are labels used to organize security rules.
+ example: threat
+ items:
+ type: object
+ example: { network_threat, recon}
+ hits:
+ type: integer
+ format: int32
+ description: Hits represent the number of logs that triggered the security rule before being aggregated by the `groupBy` condition.
+ example: 30
+ isMuted:
+ type: boolean
+ description: Describes whether a specific returned alert event is muted.
+ example: true
+ mitreTags:
+ type: array
+ items:
+ type: string
+ description: Tags used for classifying, discussing, and interpreting security incidents. This feature is currently under development.
+
+ AlertsEventsSearchRequest:
+ type: object
+ properties:
+ filter:
+ $ref: '#/definitions/RulesEventsFilter'
+ summary: Filter by rule name, rule severity, or time range.
+ sort:
+ description: Explicit sorting rules are not required, but recommended. Otherwise the database will determine the sorting.
+ type: array
+ items:
+ $ref: '#/definitions/RulesEventsSortRequest'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ RulesEventsSortRequest:
+ type: object
+ required:
+ - field
+ properties:
+ field:
+ type: string
+ description: Sort by date and/or severity. Order determines secondary sorting.
+ enum:
+ - DATE
+ - SEVERITY
+ descending:
+ type: boolean
+ default: true
+ description: If left blank, descending sorting will result. If `false` results in ascending sorting.
+ RulesEventsFilter:
+ type: object
+ description: Filter by rule name, rule severity, or time range.
+ properties:
+ searchTerm:
+ type: string
+ example: Falco
+ description: Filter for a matching string in the security rule name. You can manually test your results in the [UI](https://app.logz.io/#/dashboard/security/rules/rule-definitions?from=0&sortBy=updatedAt&sortOrder=DESC).
+ severities:
+ type: array
+ description: Filter by the severities of the security rules. You can manually test your results in the [UI](https://app.logz.io/#/dashboard/security/rules/rule-definitions?from=0&sortBy=updatedAt&sortOrder=DESC).
+ items:
+ type: string
+ example: SEVERE
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ timeRange:
+ $ref: '#/definitions/RulesTimeRange'
+ includeMutedEvents:
+ type: boolean
+ example: true
+ description: Defines if muted events need to be passed. The endpoint will return both non-muted and muted events if this is set to `true`.
+
+ RulesTimeRange:
+ type: object
+ required:
+ - fromDate
+ - toDate
+ description: Add a timerange to filter by event timestamps that fall within the range. If applied, both the earliest and latest thresholds are required.
+ properties:
+ fromDate:
+ type: integer
+ format: int64
+ example: 1587134557
+ description: Absolute UNIX timestamp in seconds (not milliseconds). Your security account's retention policy determines the earliest events you'll be able to retrieve.
+ toDate:
+ type: integer
+ format: int64
+ example: 1587137557
+ description: Absolute UNIX timestamp in seconds (not milliseconds).
+
+ PagedSearchResponseSecurityRuleResponse:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ description: The total number of rules returned by the query. The total entities found after filtering and sorting. This number is fixed and not affected by pagination.
+ example: 500
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/SecurityRuleResponse'
+ pagination:
+ $ref: '#/definitions/Pagination'
+
+
+ AlertsSearchRequest:
+ title: Search request Results
+ type: object
+ properties:
+ filter:
+ description: Filter by rule name, severity, and more. If you want to get all rules, just send `filter` as an empty object the payload.
+ $ref: '#/definitions/AlertsFilter'
+ sort:
+ description: Explicit sorting rules are not required, but recommended. Otherwise the database will determine the sorting.
+ $ref: '#/definitions/AlertsSortRequest'
+ pagination:
+ $ref: '#/definitions/Pagination'
+
+
+ AlertsSortRequest:
+ type: object
+ required:
+ - field
+ properties:
+ sortByField:
+ type: string
+ description: Sort by a single parameter.
+ enum:
+ - SEVERITY
+ - NAME
+ - CREATED_AT
+ - UPDATED_AT
+ descending:
+ type: boolean
+ default: true
+ description: If left blank, descending sorting will result. If `false` results in ascending sorting.
+
+
+ AlertsFilter:
+ type: object
+ properties:
+ search:
+ type: string
+ description: Searches by rule titles and descriptions that contain the string.
+ severities:
+ type: array
+ items:
+ type: string
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ description: List of rule severities, as specified by the security rule's definition
+ example:
+ ["SEVERE", "HIGH"]
+ updatedBy:
+ type: array
+ items:
+ type: string
+ description: Email addresses of the last users to update the rules
+ createdBy:
+ type: array
+ items:
+ type: string
+ description: Email addresses of the user who created the rules.
+ enabledState:
+ type: list of booleans
+ description: true to include enabled rules, false to include disabled rules. An empty list defaults to both enabled and disabled rules.
+ example:
+ [true]
+ emailNotifications:
+ type: array
+ items:
+ type: string
+ description: List of email addresses on the recipients list to receive notifications when the rules trigger.
+ tags:
+ type: array
+ items:
+ type: string
+ description: Tags are labels used to organize security rules
+
+
+
+ # ::::: DEPLOYMENT MARKER DEFINITIONS
+ CreateMarkersRequest:
+ type: object
+ properties:
+ markers:
+ type: array
+ items:
+ $ref: '#/definitions/MarkerDataPoint'
+ MarkerDataPoint:
+ type: object
+ required:
+ - title
+ - description
+ properties:
+ title:
+ type: string
+ description: Specify a marker title, for example, a service name. The title appears in the Deployments list your Exceptions tab.
+ example: ServiceA
+ tag:
+ type: string
+ description: Specify `DEPLOYMENT` for the Deployment marker to appear in the Deployments list in your Exceptions tab.
+ default: OTHER
+ example: DEPLOYMENT
+ enum:
+ - DEPLOYMENT
+ - OTHER
+ timestamp:
+ type: integer
+ format: int64
+ description: Date of the deployment event, as Unix epoch milliseconds
+ example: 1613311091679
+ description:
+ type: string
+ description: Add a description to provide additional detail.
+ example: Description with additional context
+ required: true
+ metadata:
+ type: object
+ additionalProperties:
+ type: string
+ example:
+ version: version 5
+ deployer: iron man
+ description: >-
+ Provides additional metadata with details of the deployment.
+
+
+ (Future functionality: Metadata will be used to filter deploymentsby several dimensions. For example, to filter deployments by service and region to focus on deployments performed on a specific service and a specific region.
+
+
+
+ # ::::: Log Insights
+ PublicGetAccountInsightsRequest:
+ type: object
+ required:
+ properties:
+ startDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the start date for the query time frame. By default, returns the past 15 minutes ("now - 15 minutes" translated into a UNIX timestamp).
+ example: 1592904389950
+ endDate:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the end date for the query time frame. By default, returns the current time ("now" translated into a UNIX timestamp).
+ example: 1592254800000
+ from:
+ type: integer
+ format: int32
+ description: Of the results found, the first result to return. Must be a non-negative integer.
+ default: 0
+ example: 0
+ size:
+ type: integer
+ format: int32
+ description: Number of results to return. Must be a positive integer between 1-100.
+ default: 10
+ maximum: 100
+ minimum: 1
+ example: 100
+ insightTypes:
+ type: array
+ items:
+ type: string
+ enum:
+ - PUBLIC_CI
+ - LOGCEPTION
+ description: Filters results by Insight type. `LOGCEPTION` filters for application insights. `PUBLIC_CI` filters for Cognitive Insights.
+ default: ["PUBLIC_CI", "LOGCEPTION"]
+ example: ["PUBLIC_CI", "LOGCEPTION"]
+ tagNames:
+ type: array
+ items:
+ type: string
+ description: Filters results by the tag values used to categorize Insights.
+ example:
+ logTypes:
+ type: array
+ items:
+ type: string
+ description: Filters results by [log type](/user-guide/log-shipping/built-in-log-types.html).
+ example: ["log-engine", "spark"]
+ onlyNew:
+ type: boolean
+ description: Filters for Insights that first occurred in the selected time frame. In other words, excludes Insights that were first identified before or after the selected time range.
+ default: false
+ example: true
+ sortBy:
+ type: string
+ enum:
+ - FIRST_OCCURRENCE
+ - LAST_OCCURRENCE
+ - COUNT
+ description: Sorts Insights by the selected parameters.
+ default: COUNT
+ example: COUNT
+ asc:
+ type: boolean
+ description: If `false`, sorts Insights in descending order. The order depends on the selected `sortBy` paramater.
+ default: false
+ example: true
+ search:
+ type: string
+ description: Searches for an Insight by its title.
+ example: Exception
+ PageResponsePublicAccountInsightResponse:
+ type: object
+ properties:
+ pageSize:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 500
+ description: Number of results to return per page. Must be a positive integer between 0-500.
+ from:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 2147483647
+ description: UNIX timestamp in milliseconds.
+ total:
+ type: integer
+ format: int64
+ minimum: 0
+ maximum: 500
+ description: Total number of results found.
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/PublicAccountInsightResponse'
+ PublicAccountInsightResponse:
+ type: object
+ properties:
+ insightId:
+ type: string
+ description: An ID identifying the Insight in Logz.io. Can be used to track the Insight's occurrence in the environment over time.
+ example: "cf484f4c381c3e408a23accc5b487947d2f68791"
+ insightType:
+ type: string
+ enum:
+ - PUBLIC_CI
+ - LOGCEPTION
+ description: Identifies the type of Insight as either `LOGCEPTION` (application insights) or `PUBLIC_CI` (Cognitive Insights).
+ example: PUBLIC_CI
+ tagName:
+ type: string
+ description: Tags applied to the Insight help to categorize it.
+ example: ignite
+ description:
+ type: string
+ description: A helpful description of the issue identified by the Insight. The description is generated by Logz.io.
+ example: A match for the phrase - <'Could not find the language line'> was identified in the log message. As mentioned in the cited links, this may indicate that an issue has taken place that requires your attention.
+ links:
+ type: array
+ items:
+ type: string
+ description: Only applicable for `PUBLIC_CI` Insights. Provides reference links to recommended resources for further investigation of the issue.
+ example: https://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/784 https://www.sitepoint.com/multi-language-support-in-codeigniter/ http://forum.codeigniter.com/thread-383.html https://community.invoiceplane.com/t/topic/3322 https://www.zonwhois.com/www/gwdcanada.com.html
+ additionalData:
+ type: object
+ description: Only applicable for `LOGCEPTION` Insights. Provides relevant excerpts from the stacktrace about the exception in question.
+ additionalProperties:
+ type: object
+ firstOccurrence:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the earliest appearance of the Insight. The lookback period is up to 6 months.
+ example: 1591181276000
+ lastOccurrence:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the most recent appearance of the Insight in the selected time frame.
+ example: 1591253121194
+ count:
+ type: integer
+ format: int64
+ description: The number of times the Insight occurred during the selected time frame.
+ example: 66
+ logTypes:
+ type: array
+ items:
+ type: string
+ description:
+ example: ["app-server", "user-analytics"]
+ kibanaLink:
+ type: string
+ description: Only applicable for `LOGCEPTION` Insights. Provides a drill-down link to fetch the raw logs that match the Insight in Kibana Discover.
+ insightTitle:
+ type: string
+ description: The title of the Insight.
+ example: "Could not find the language line create_user_validation_phone_label"
+
+
+ # ::::: AUDIT TRAIL DEFINITIONS
+ AuditTrailEventTypesResponse:
+ type: object
+ properties:
+ eventTypes:
+ type: array
+ items:
+ type: string
+ description: Event types in the audit trail
+ example: [ "Added user", "Admin created a sub account", "Changed password", "Failed login", "Login", "Logz.io admin has enabled a sawmill configuration", "Suspended user", "User created a token", "User installed an ELK app" ]
+ AuditEventData:
+ type: object
+ properties:
+ auditEventUser:
+ $ref: '#/definitions/AuditEventUser'
+ date:
+ type: integer
+ format: int64
+ description: Date of the audit event, as Unix epoch milliseconds
+ example: 1527168668
+ auditEventTypeTitle:
+ type: string
+ description: The event type
+ example: Admin created a sub account
+ ip:
+ type: string
+ description: IP address of the client device that generated the event
+ example: 52.203.237.249
+ geoLocation:
+ type: string
+ description: Geographical location of the device that made the request
+ example: New York - USA
+ extraDataList:
+ type: array
+ items:
+ $ref: '#/definitions/AuditEventExtraData'
+ valid:
+ type: boolean
+ AuditEventExtraData:
+ type: object
+ properties:
+ fieldName:
+ type: string
+ description: Name of the field
+ example: Account name
+ oldValue:
+ type: string
+ description: Original value of the field
+ example: Test account
+ newValue:
+ type: string
+ description: New value of the field
+ example: Apache access logs
+ AuditEventTypeData:
+ type: object
+ properties:
+ auditEventType:
+ type: string
+ description: Code for the event type
+ example: Added user
+ auditEventTypeTitle:
+ type: string
+ description: Description of the event type
+ example: Added user
+ AuditEventUser:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the user or token
+ example: 5374
+ fullName:
+ type: string
+ description: First and last name of the user, or name of the token
+ example: Larry Appleton
+ deleted:
+ type: boolean
+ description: If this user or token has been deleted, `true`. Otherwise, `false`.
+ example: false
+ userToken:
+ type: boolean
+ description: If this is a token, `true`. If this is a user, `false`.
+ AuditTrailFilteredResponse:
+ type: object
+ properties:
+ pageSize:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 500
+ description: The number of results requested
+ example: 50
+ from:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 2147483647
+ description: Of the results found, the first result returned.
+ example: 0
+ total:
+ type: integer
+ format: int64
+ minimum: 0
+ maximum: 500
+ description: Total number of results that met the search criteria.
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/AuditEventData'
+ auditEventUsersList:
+ type: array
+ items:
+ $ref: '#/definitions/AuditEventUser'
+ auditEventTypesList:
+ type: array
+ items:
+ $ref: '#/definitions/AuditEventTypeData'
+ AuditTrailFilterRequest:
+ type: object
+ properties:
+ size:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 500
+ default: 500
+ description: Maximum number of results to return.
+ example: 150
+ from:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 2147483647
+ default: 0
+ description: Of the results found, the first result to return.
+ example: 15
+ auditEventUser:
+ $ref: '#/definitions/AuditEventUser'
+ auditEventType:
+ type: string
+ description: Code for the event type
+ example: Added user
+ fromDate:
+ type: integer
+ format: int64
+ description: Starting timedate, as Unix epoch milliseconds.
+ example: 389880000
+ toDate:
+ type: integer
+ format: int64
+ description: Ending timedate, as Unix epoch milliseconds.
+ example: 414763200
+ sortDescending:
+ type: boolean
+ description: To sort results in descending order, `true`. For ascending order, `false`.
+ includeFiltersData:
+ type: boolean
+
+ # ::::: CLOUDTRAIL DEFINITIONS
+ CloudTrailResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: Logz.io ID of the CloudTrail connector. Use this ID to perform operations on the connector using Logz.io API endpoints.
+ example: 15
+ accessKey:
+ type: string
+ description: AWS S3 access key
+ example: ee07df5801500745419c6dff
+ bucket:
+ type: string
+ description: AWS S3 bucket name
+ example: cloudtrails bucket
+ prefix:
+ type: string
+ description: Prefix of the AWS S3 bucket
+ example: AWSLogs/7364988021587/myprefix
+ active:
+ type: boolean
+ description: If `true`, the CloudTrail connector is active and logs are being shipped to Logz.io. If `false`, the connector is disabled.
+ example: true
+ IdBean:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ readOnly: true
+ minimum: 1
+ description: Logz.io ID of the CloudTrail connector. Use this ID to perform operations on the connector using Logz.io API endpoints.
+ CloudTrailRequest:
+ type: object
+ properties:
+ accessKey:
+ type: string
+ description: AWS S3 access key
+ example: ee07df5801500745419c6dff
+ secretKey:
+ type: string
+ description: AWS secret access key
+ example: 506d891fe2163a511b450eddc3279539f6
+ bucket:
+ type: string
+ description: AWS S3 bucket name
+ example: LogzioBucket
+ prefix:
+ type: string
+ description: Prefix of the AWS S3 bucket
+ example: AWSLogs/7364988021587/myprefix
+ active:
+ type: boolean
+ description: If `true`, the CloudTrail connector is active and logs are being shipped to Logz.io. If `false`, the connector is disabled.
+ MessageBean:
+ type: object
+ properties:
+ message:
+ type: string
+ readOnly: true
+
+ # ::::: S3 DEFINITIONS
+ S3BucketRequest:
+ type: object
+ required:
+ - bucket
+ - region
+ - logsType
+ properties:
+ accessKey:
+ type: string
+ description: AWS S3 bucket access key
+ example: ee07df5801500745419c6dff
+ secretKey:
+ type: string
+ description: AWS S3 bucket secret key
+ example: 506d891fe2163a511b450eddc3279539f6
+ arn:
+ type: string
+ description: Amazon Resource Name (ARN) to uniquely identify the S3 bucket. To generate a new ARN, create a new IAM Role in your AWS admin console.
+ bucket:
+ type: string
+ description: AWS S3 bucket name
+ example: AWS bucket
+ prefix:
+ type: string
+ description: Prefix of the AWS S3 bucket
+ example: AWSLogs/7364988021587/myprefix
+ active:
+ type: boolean
+ default: true
+ description: If `true`, the S3 bucket connector is active and logs are being shipped to Logz.io. If `false`, the connector is disabled.
+ example: true
+ addS3ObjectKeyAsLogField:
+ type: boolean
+ default: false
+ description: If `true`, enriches logs with a new field detailing the S3 object key.
+ example: true
+ region:
+ type: string
+ description: Specify one supported AWS region.
+ enum:
+ - US_EAST_1
+ - US_EAST_2
+ - US_WEST_1
+ - US_WEST_2
+ - EU_WEST_1
+ - EU_WEST_2
+ - EU_WEST_3
+ - EU_CENTRAL_1
+ - AP_NORTHEAST_1
+ - AP_NORTHEAST_2
+ - AP_SOUTHEAST_1
+ - AP_SOUTHEAST_2
+ - SA_EAST_1
+ - AP_SOUTH_1
+ - CA_CENTRAL_1
+ logsType:
+ type: string
+ enum:
+ - elb
+ - vpcflow
+ - S3Access
+ - cloudfront
+ description: Specify the log type you will be sending to Logz.io. As a result, Logz.io will apply the appropriate parsing pipeline. [Learn more about parsing options supported by Logz.io](/user-guide/log-shipping/built-in-log-types.html).
+ example: elb
+ S3BucketResponse:
+ type: object
+ required:
+ - bucket
+ - region
+ - logsType
+ properties:
+ accessKey:
+ type: string
+ description: AWS S3 bucket access key
+ example: ee07df5801500745419c6dff
+ secretKey:
+ type: string
+ description: AWS S3 bucket secret key
+ example: 506d891fe2163a511b450eddc3279539f6
+ arn:
+ type: string
+ description: Amazon Resource Name (ARN) to uniquely identify the S3 bucket. To generate a new ARN, create a new IAM Role in your AWS admin console.
+ bucket:
+ type: string
+ description: AWS S3 bucket name
+ example: AWS bucket
+ prefix:
+ type: string
+ description: Prefix of the AWS S3 bucket
+ example: AWSLogs/7364988021587/myprefix
+ active:
+ type: boolean
+ default: true
+ description: If `true`, the S3 bucket connector is active and logs are being fetched to Logz.io. If `false`, the connector is disabled.
+ example: true
+ addS3ObjectKeyAsLogField:
+ type: boolean
+ default: false
+ description: If `true`, enriches logs with a new field detailing the S3 object key.
+ example: true
+ region:
+ type: string
+ description: Specify one supported AWS region.
+ enum:
+ - US_EAST_1
+ - US_EAST_2
+ - US_WEST_1
+ - US_WEST_2
+ - EU_WEST_1
+ - EU_WEST_2
+ - EU_WEST_3
+ - EU_CENTRAL_1
+ - AP_NORTHEAST_1
+ - AP_NORTHEAST_2
+ - AP_SOUTHEAST_1
+ - AP_SOUTHEAST_2
+ - SA_EAST_1
+ - AP_SOUTH_1
+ - CA_CENTRAL_1
+ logsType:
+ type: string
+ enum:
+ - elb
+ - vpcflow
+ - S3Access
+ - cloudfront
+ description: Specifies the log type being sent to Logz.io. Determines the parsing pipeline used to parse and map the logs. [Learn more about parsing options supported by Logz.io](/user-guide/log-shipping/built-in-log-types.html).
+ example: elb
+ AWSAssumeRoleDetails:
+ type: object
+ properties:
+ logzioAWSAccountId:
+ type: string
+ description: Logz.io account ID. Provide this account ID when creating a new AWS IAM Role.
+ example:
+ assignedExternalId:
+ type: string
+ description: Logz.io external ID. Provide this external ID when creating a new AWS IAM Role.
+ example:
+
+
+ # ::::: NOTIFICATION ENDPOINTS DEFINITIONS
+ EndpointUpsertResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: "ID of the notification endpoint. If the API call was made where `test=true`, then no changes are made to the endpoint. In this case, the response body contains `{\"id\": -1}` to indicate that a test message was sent."
+ example: 88
+ SlackEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: New Slack endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to logzio-alerts channel
+ url:
+ type: string
+ description: Your Slack webhook URL
+ example: https://hooks.slack.com/services/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
+ CustomEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: New custom endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to my custom endpoint
+ url:
+ type: string
+ description: URL where the notification will be sent
+ example: https://my.custom-endpoint.com
+ method:
+ type: string
+ description: The HTTP used to send the notification
+ example: POST
+ headers:
+ type: string
+ description: Header parameters to include, as comma-separated key-value pairs
+ example: authKey=6e30-60a9-3591
+ bodyTemplate:
+ type: object
+ description: JSON object that serves as the template for the message body.
+ additionalProperties:
+ type: object
+ example: {"subject": "Alert from Logz.io", "message": {"severity": "LOW", "body": "Check Logz.io for log activity"}}
+ PagerDutyEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: PagerDuty endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to PagerDuty
+ serviceKey:
+ type: string
+ description: API key from PagerDuty
+ example: 94ad63254a1397a51a1ae340c4f10890
+ BigPandaEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: BigPanda endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to BigPanda
+ apiToken:
+ type: string
+ description: API authentication token from BigPanda
+ example: 94ad63254a1397a51a1ae340c4f10890
+ appKey:
+ type: string
+ description: Application key from BigPanda
+ example: c687f9231619d7d7b959f33e4cc821a5
+ DatadogEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: Datadog endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to Datadog
+ apiKey:
+ type: string
+ description: API key from Datadog
+ example: c687f9231619d7d7b959f33e4cc821a5
+ VictoropsEndpointUpsertRequest:
+ type: object
+ required:
+ - messageType
+ - routingKey
+ - serviceApiKey
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: VictorOps endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to VictorOps
+ routingKey:
+ type: string
+ description: Alert routing key from VictorOps
+ example: devops
+ messageType:
+ type: string
+ description: VictorOps REST API `message_type`. For more information, see [VictorOps knowledge base](https://help.victorops.com/knowledge-base/victorops-restendpoint-integration/).
+ example: WARNING
+ serviceApiKey:
+ type: string
+ description: API key from VictorOps
+ example: c687f9231619d7d7b959f33e4cc821a5
+ Endpoint:
+ type: object
+ properties:
+ endpointType:
+ type: string
+ enum:
+ - BigPanda
+ - Slack
+ - Datadog
+ - Custom
+ - PagerDuty
+ - VictorOps
+ - Opsgenie
+ - ServiceNow
+ - Microsoft Teams
+ description: The notification endpoint type that will receive alert messages
+ example: Slack
+ id:
+ type: integer
+ format: int32
+ description: ID of the notification endpoint
+ example: 88
+ title:
+ type: string
+ description: Name of the endpoint
+ example: Slack
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Endpoint for sending alerts to Slack
+ OpsGenieEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: OpsGenie endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to OpsGenie
+ apiKey:
+ type: string
+ description: API key from OpsGenie, see https://docs.opsgenie.com/docs/logz-io-integration
+ example: c687f9231619d7d7b959f33e4cc821a5
+ ServiceNowEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: New ServiceNow endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to logzio-alerts channel
+ username:
+ type: string
+ description: ServiceNow user name
+ example: User
+ password:
+ type: string
+ description: ServiceNow password
+ example: Password
+ url:
+ type: string
+ description: Provide your instance URL to connect to your existing ServiceNow instance, i.e. https://xxxxxxxxx.service-now.com/.
+ example: https://my.custom-endpoint.com
+ MicrosoftTeamsEndpointUpsertRequest:
+ type: object
+ properties:
+ title:
+ type: string
+ description: Name of the endpoint
+ example: New Microsoft Teams endpoint
+ description:
+ type: string
+ description: Detailed description of the endpoint
+ example: Sends notifications to logzio-alerts channel
+ url:
+ type: string
+ description: Your Microsoft Teams webhook URL, see https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook
+ example: https://my.custom-endpoint.com
+
+ # ::::: KIBANA IMPORT/EXPORT DEFINITIONS
+ KibanaExportResponse:
+ type: object
+ properties:
+ kibanaVersion:
+ type: string
+ readOnly: true
+ description: The version of Kibana used at the time of export
+ example: 4.0.0-beta3
+ hits:
+ type: array
+ readOnly: true
+ items:
+ type: object
+ description: Exported Kibana objects
+ KibanaExportRequest:
+ type: object
+ required:
+ - type
+ properties:
+ type:
+ type: string
+ enum:
+ - search
+ - visualization
+ - dashboard
+ description: The object type to export
+ KibanaImportResponse:
+ type: object
+ properties:
+ created:
+ type: array
+ readOnly: true
+ items:
+ type: string
+ example: E-commerce-App-Transactions-overtime
+ description: Name of Kibana objects that were created
+ updated:
+ type: array
+ readOnly: true
+ items:
+ type: string
+ example: HTTP-Response-over-time
+ description: Names of the Kibana objects that were overwritten. Objects are shown here only if `override` was `true` in the import call.
+ ignored:
+ type: array
+ readOnly: true
+ items:
+ type: string
+ example: Transaction-overtime
+ description: Names of the Kibana objects that were not overwritten. Objects are shown here only if `override` was `false` in the import call.
+ failed:
+ type: array
+ readOnly: true
+ items:
+ type: string
+ example: Apache-Response-Over-Time
+ description: Names of the Kibana objects that could not be created, updated, or ignored.
+ KibanaImportRequest:
+ type: object
+ properties:
+ kibanaVersion:
+ type: string
+ description: The version of Kibana used at the time of export. This must match the current version of Kibana that you're importing to.
+ example: 4.0.0-beta3
+ override:
+ type: boolean
+ description: >-
+ To update an existing object with the same ID, `true`. Otherwise, `false`.
+
+
+ If override is `true`, response message shows overwritten objects as `updated`. If override is `false`, no existing objects are updated, and response message shows these objects as `ignored`.
+ example: false
+ hits:
+ type: array
+ items:
+ type: object
+ additionalProperties:
+ type: object
+ description: >-
+ Each JSON object in the array represents a discrete Kibana object.
+
+
+ **Note:** As a best practice, import only objects that were exported from Kibana.
+
+ # ::::: SEARCH, SCROLL DEFINITIONS
+ ScrollResponse:
+ type: object
+ properties:
+ code:
+ type: integer
+ format: int32
+ readOnly: true
+ example: 200
+ scrollId:
+ type: string
+ readOnly: true
+ description: Keep passing this ID in the request until you've retrieved all of the results. Copy this ID and pass it as the field `scroll_id` in a request to the same endpoint to retrieve the next page of results. (Remember to first clear the request body of all other parameters. The `scrollId` is valid for 20 minutes.)
+ example: DnF1ZXJ5VGhlbkZldGNoCQAAAAAWXRbqFlNpSWRrTUtXUUR1N1pJbG9uSkJINncAAAAAFp6B-xZTTVFrMGt4eVFnZXhQZV9YbVRrU3NnAAAAABakA8QWNjY1RUZtdWZRS1NZZWt1ZERTNHNaQQAAAAAWXRbrFlNpSWRrTUtXUUR1N1pJbG9uSkJINncAAAAAFl0W7BZTaUlka01LV1FEdTdaSWxvbkpCSDZ3AAAAABQ1nb4WVjRyRlUxZWRUU0dzbTV5VVVqYkhxdwAAAAAUdHVqFlF0b3Znei1ZUXgtZEkyZkR3M0pMbGcAAAAAFvGs6hZKVklxaXIyZ1NOQzF5NHg1cmhtVDV3AAAAABR0dWkWUXRvdmd6LVlReC1kSTJmRHczSkxsZw==
+ hits:
+ type: string
+ readOnly: true
+ description: Query results in stringified JSON format. 'hits' are the total number of logs that match the query.
+ ScrollRequest:
+ type: object
+ properties:
+ query:
+ type: object
+ description: >-
+ Add a search query to receive the `scrollID` in the result.
+
+
+ The query can take any of the parameters described in the [Elasticsearch Search API DSL documentation](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search.html) with the exceptions stated below.
+
+
+ You can only add the `query` parameters if you are not passing the `scroll_id` in the request.
+
+ #### Limitations
+
+ * The query can only run on 2 consecutive indexes. By default, the query runs on data sent today and yesterday. You can also add a filter on `timestamp` to search a smaller time frame.
+
+ * When using `query_string`, `allow_leading_wildcard` must be set to `false` to disable leading wildcards. In other words, the query can't start with `*` or `?`
+
+ * Can't use `fuzzy_max_expansions`, `max_expansions`, or `max_determinized_states`
+ size:
+ type: integer
+ format: int32
+ description: Number of results to return
+ default: 10
+ maximum: 1,000
+ example: 50
+ from:
+ type: integer
+ format: int32
+ minimum: 0
+ description: Of the results found, the first result to return.
+ example: 0
+ sort:
+ type: array
+ items:
+ type: object
+ description: >-
+ #### Limitations
+
+ * Can't sort on analyzed fields, such as the `message` field
+ _source:
+ type: object
+ description: >-
+ The object `includes` specifies an array of strings specifying an array of fields to return.
+
+ * If you omit `_source` from the request, all fields are returned.
+
+ * If you pass `'_source': false`, it will exclude the `_source` field from the results.
+ properties:
+ includes:
+ type: array
+ description: Array of fields to return
+ example: ["message"]
+ items:
+ - type: string
+ description: Field to return.
+ post_filter:
+ type: object
+ scroll:
+ type: string
+ description: >-
+ These time units are supported:
+
+
+ | Unit | Description |
+ m | minutes |
+ s | seconds |
+ ms | milliseconds |
+ micros | microseconds |
+ nanos | nanoseconds |
+
+
+
+ #### Limitations
+
+ * Time search must be ≤ 5 minutes. If no time is specified, default is `1m` (1 minute).
+ aggregations:
+ type: object
+ description: >-
+ Apply field aggregations. See the [Elasticsearch guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/search-aggregations.html) for details.
+
+
+ #### Limitations
+
+ * When using the `size` element, the value must be ≤ `1000`
+
+ * Can't nest 2 or more bucket aggregations of these types: `date_histogram`, `geohash_grid`, `histogram`, `ip_ranges`, `significant_terms`, `terms`
+
+ * Can't sort or aggregate on analyzed fields, such as the `message` field
+
+ * Aggregation type `significant_terms` and `multi_terms` can't be used
+
+ * If the request specifies aggregations, only the initial search response will contain the aggregations results
+
+
+ **Note:** You can use `aggs` or `aggregations` as the field name
+ example: { "byType": { "terms": { "field": "type", "size": 5 } } }
+
+ # ::::: SHARED TOKENS DEFINITIONS
+ QueryFilter:
+ type: object
+ required:
+ - field
+ - value
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the shared token filter
+ example: 339
+ field:
+ type: string
+ pattern: '^[a-zA-Z0-9_@.-]+$'
+ description: The field to filter
+ value:
+ type: string
+ pattern: '^[a-zA-Z0-9_@.-]+$'
+ description: The filter query
+ description:
+ type: string
+ description: Name of the filter
+ example: 503 responses
+ SharedToken:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the shared token
+ example: 1241
+ name:
+ type: string
+ description: Descriptive name of the token
+ example: Snapshotting token
+ token:
+ type: string
+ description: The token
+ example: 6c36edf51-cf93883aa35-5bc6ce6-7bcfe60d87
+ filters:
+ type: array
+ uniqueItems: true
+ items:
+ type: integer
+ format: int32
+ description: Array of filter IDs attached to each token. If no filter is attached, `null`.
+ example: [339, 340]
+ CreateSharedTokenRequest:
+ type: object
+ properties:
+ tokenName:
+ type: string
+ default: string
+ description: Name of the token
+ example: Support team token
+ filters:
+ type: array
+ uniqueItems: true
+ items:
+ type: integer
+ format: int32
+ description: IDs of filters to attach to the token
+ example: [ 339 ]
+ UpdateSharedTokenRequest:
+ type: object
+ required:
+ - filters
+ properties:
+ filters:
+ type: array
+ uniqueItems: true
+ items:
+ type: integer
+ format: int32
+ description: ID of the filter
+ example: 339
+ description: IDs of filters to attach to the token. To remove all filters, use an empty array `[]`.
+
+ # ::::: API TOKENS DEFINITIONS
+ ApiTokenResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the newly created API token for the sub account
+ example: 7386
+ name:
+ type: string
+ description: The name of the newly created API token for the sub account. Uses the name provided in the request.
+ example: newTokenTest999
+ token:
+ type: string
+ description: The API token
+ example: c498fbc3-a3ac-4676-ad09-689854b5cbbd"
+ createdAt:
+ type: Instant
+ description: The time at which the new sub account API token was created
+ example: 1621858311.000000000
+ CreateApiTokenRequest:
+ type: object
+ properties:
+ name:
+ type: string
+ default: string
+ description: The name provided in the request for a new API token for the sub account
+ example: newTokenTest999
+ accountId:
+ type: integer
+ format: int32
+ description: Logz.io sub account ID.
+ example: 160343
+
+ # ::::: SNAPSHOTS DEFINITIONS
+ SnapshotCreateResponse:
+ type: object
+ properties:
+ snapshotId:
+ type: integer
+ format: int32
+ description: ID of the snapshot
+ example: 2049
+ SnapshotCreateRequest:
+ type: object
+ required:
+ - snapshotSavedObjectId
+ - snapshotTimeZone
+ - snapshotType
+ - timeFrameFrom
+ - timeFrameTo
+ properties:
+ snapshotType:
+ type: string
+ enum:
+ - DASHBOARD
+ - VISUALIZATION
+ description: The object type to share
+ snapshotSavedObjectId:
+ type: string
+ description: ID of the object to share. If you don't know the object ID, you can use the [/kibana/export](#operation/exportSavedObjects) endpoint.
+ example: 11f6a669-4f21-6313-dd83-319dbfc8ff96
+ slackWebhookUrls:
+ type: array
+ items:
+ type: string
+ description: >-
+ URLs of Slack webhooks that you want to send this snapshot to.
+
At least one of `emails`, `slackWebhookUrls`, and `endpoints` is required with each request.
+ If all three are missing, the request will fail.
+ example: ["https://hooks.slack.com/services/CC29C43F8/7E6E833FB/Ebe297580E7FaC354F9D4d7"]
+ endpoints:
+ type: array
+ items:
+ type: integer
+ format: int32
+ description: >-
+ IDs of notification endpoints that you want to send this snapshot to
+
At least one of `emails`, `slackWebhookUrls`, and `endpoints` is required with each request.
+ If all three are missing, the request will fail.
+ emails:
+ type: array
+ items:
+ type: string
+ description: >-
+ Email addresses that you want to send this snapshot to
+
At least one of `emails`, `slackWebhookUrls`, and `endpoints` is required with each request.
+ If all three are missing, the request will fail.
+ message:
+ type: string
+ description: Message to send to the shared object recipients
+ example: Take a look at these Apache logs, let me know if you want me to do anything about it
+ timeFrameFrom:
+ type: integer
+ format: int64
+ description: Starting timedate of the visualization, as a Unix epoch integer.
+ example: 389836800
+ timeFrameTo:
+ type: integer
+ format: int64
+ description: Ending timedate of the visualization, as a Unix epoch integer.
+ example: 414720000
+ snapshotTimeZone:
+ type: string
+ description: Time zone to use in `timeFrameFrom` and `timeFrameTo`
+ example: UTC
+ queryString:
+ type: string
+ description: Search query
+ example: "type:example"
+ darkTheme:
+ type: boolean
+ description: To send the object with Kibana dark theme colors, `true`. Otherwise, `false`.
+ SnapshotGetResponse:
+ type: object
+ properties:
+ snapshotId:
+ type: integer
+ format: int32
+ description: ID of the snapshot
+ example: 3094
+ accountId:
+ type: integer
+ format: int32
+ description: ID of the account
+ example: 5555
+ snapshotType:
+ type: string
+ enum:
+ - DASHBOARD
+ - VISUALIZATION
+ description: The object type
+ example: VISUALIZATION
+ status:
+ type: string
+ enum:
+ - SUCCESS
+ - FAILED
+ - IN_PROGRESS
+ description: Status of the snapshot capture operation
+ example: SUCCESS
+ snapshotSavedObjectName:
+ type: string
+ description: Name of the object captured in the snapshot
+ example: Mysql response times percentiles
+ imageUrl:
+ type: string
+ description: Web address where the snapshot image is stored
+ example: https://snapshotter-logzio-prod.s3.amazonaws.com/1234/567890/snapshots/8843_3094_dC6pBjbrWc1lfN7Gob82oJuSUxTGbm8D6hDE1TcR1pVzIVO0TsB3tuZEZs1YpOGh.png
+ appLinkUrl:
+ type: string
+ description: A link to the snapshot in the Logz.io app
+ example: https://app.logz.io/#/dashboard/kibana?kibanaRoute=%2Fvisualize%2Fedit%a4d365e001-5bc9-4851-1933-a70b45a67e9d%3F_g%3D%2528time%253A%2528from%253A%25272018-06-02T15
+ message:
+ type: string
+ description: Message to send to snapshot recipients
+ example: Hey, let me know if you need me to do anything about this.
+ timeFrameFrom:
+ type: integer
+ format: int64
+ description: Starting timedate of the visualization, as a Unix epoch integer.
+ example: 389836800
+ timeFrameTo:
+ type: integer
+ format: int64
+ description: Ending timedate of the visualization, as a Unix epoch integer.
+ example: 414720000
+ snapshotTimeZone:
+ type: string
+ description: Time zone to use in `timeFrameFrom` and `timeFrameTo`
+ example: UTC
+ SnapshotNotification:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ type:
+ type: string
+ enum:
+ - EMAIL
+ - SLACK
+ address:
+ type: string
+ status:
+ type: string
+ enum:
+ - PENDING
+ - IN_WORK
+ - NEED_RETRY
+ - FAILED
+ - SUCCESS
+ SnapshotRequest:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ snapshotType:
+ type: string
+ enum:
+ - DASHBOARD
+ - VISUALIZATION
+ - SAVED_SEARCH
+ snapshotSavedObjectName:
+ type: string
+ snapshotUrl:
+ type: string
+ appLinkUrl:
+ type: string
+ recipients:
+ type: array
+ items:
+ $ref: '#/definitions/SnapshotNotification'
+ message:
+ type: string
+ timeFrameFrom:
+ type: integer
+ format: int64
+ timeFrameTo:
+ type: integer
+ format: int64
+ snapshotTimeZone:
+ type: string
+
+ # ::::: USER MANAGEMENT DEFINITIONS
+ User:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 33265
+ username:
+ type: string
+ description: Email address used to sign in to Logz.io
+ example: steve@winslows.com
+ fullName:
+ type: string
+ description: First and last name of the user
+ example: Stefan Urkel
+ accountID:
+ type: integer
+ format: int32
+ description: Logz.io account ID.
+ example: 55555
+ role:
+ type: string
+ description: User role. Can be `USER_ROLE_READONLY`, `USER_ROLE_REGULAR` or `USER_ROLE_ACCOUNT_ADMIN`.
+ example: USER_ROLE_READONLY
+ active:
+ type: boolean
+ description: If the user is active, `true`. If the user is suspended, `false`.
+ example: true
+ UserManagementUpsertResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the user
+ example: 13485
+ UserManagementUpsertRequest:
+ type: object
+ required:
+ - fullName
+ - username
+ - roles
+ - accountID
+ properties:
+ username:
+ type: string
+ pattern: >-
+ ^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,})$
+ description: Email address used to sign in to Logz.io. This property cannot be updated. A new user will need to be created for each email address.
+ example: drvenkman@gbusters.com
+ fullName:
+ type: string
+ description: The user's first and last name
+ example: Peter Venkman
+ accountID:
+ type: integer
+ format: int32
+ description: ID of the account attached to the user
+ role:
+ type: string
+ description: User role. Can be `USER_ROLE_READONLY`, `USER_ROLE_REGULAR` or `USER_ROLE_ACCOUNT_ADMIN`.
+ example: USER_ROLE_READONLY
+
+ # ::::: DROP FILTERS
+ DropFiltersCreateRequest:
+ type: object
+ properties:
+ logType:
+ type: string
+ nullable: true
+ description: Filters for the [log type](/user-guide/log-shipping/built-in-log-types.html).
+ example: apache
+ fieldConditions:
+ type: array
+ items:
+ $ref: '#/definitions/FieldCondition'
+
+
+ FieldCondition:
+ type: object
+ properties:
+ fieldName:
+ type: string
+ description: Exact field name in your Kibana mapping for the selected `logType`.
+ example: response
+ value:
+ type: object
+ description: Exact field value. The filter looks for an exact value match of the entire string.
+ example: 200
+
+ LogsDropFiltersPipelineDefinition:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Drop filter ID in the Logz.io database. You can run the `/v1/drop-filters/search` endpoint to retrieve the IDs of all the drop filters in the account.
+ example: f54406c1-b4ad-5969-8542-f6a3e9df5c79
+ active:
+ type: boolean
+ description: If `true`, the drop filter is active and logs that match the filter are dropped before indexing. If `false`, the drop filter is disabled.
+ example: true
+ logType:
+ type: string
+ description: Filters for the [log type](/user-guide/log-shipping/built-in-log-types.html).
+ example: apache
+ fieldConditions:
+ type: array
+ description: Filters for an exact match of a field:value pair.
+ items:
+ $ref: '#/definitions/FieldCondition'
+
+
+ # ::::: Archive DEFINITIONS
+ ArchiveSettings:
+ type: object
+ required:
+ - storageType
+ properties:
+ storageType:
+ type: string
+ enum:
+ - S3
+ - BLOB
+ description: Specifies the storage provider. If `S3`, the `amazonS3StorageSettings` are relevant. If `BLOB`, the `azureBlobStorageSettings` are relevant.
+ example: S3
+ enabled:
+ type: boolean
+ description: If `true`, archiving is currently enabled.
+ default: true
+ example: true
+ compressed:
+ type: boolean
+ description: If `true`, logs are compressed before they are archived.
+ default: true
+ example: true
+ amazonS3StorageSettings:
+ description: Applicable settings when the `storageType` is `S3`.
+ $ref: '#/definitions/S3StorageSettings'
+ azureBlobStorageSettings:
+ description: Applicable settings when the `storageType` is `Blob`.
+ $ref: '#/definitions/BlobSettings'
+ ArchiveSettingsResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: Unique ID of the archive settings.
+ example: 323
+ settings:
+ $ref: '#/definitions/ArchiveSettings'
+ BlobSettings:
+ type: object
+ description: Applicable settings when the `storageType` is `Blob`. For detailed instructions about setting up a storage container in Azure and locating the required parameters, [click here](/user-guide/archive-and-restore/azure-blob-permissions/).
+ required:
+ - tenantId
+ - clientId
+ - clientSecret
+ - accountName
+ - containerName
+ properties:
+ tenantId:
+ type: string
+ description: Azure Directory (tenant) ID. The Tenant ID of the AD app. Go to Azure Active Directory > App registrations and select the app to see it.
+ clientId:
+ type: string
+ description: Azure application (client) ID. The Client ID of the AD app, found under the App Overview page. Go to Azure Active Directory > App registrations and select the app to see it.
+ clientSecret:
+ type: string
+ description: Azure client secret. Password of the Client secret, found in the app's Certificates & secrets page. Go to Azure Active Directory > App registrations and select the app. Then select Certificates & secrets to see it.
+ accountName:
+ type: string
+ description: Azure Storage account name. Name of the storage account that holds the container where the logs will be archived.
+ containerName:
+ type: string
+ description: Name of the container in the Storage account. This is where the logs will be archived.
+ path:
+ type: string
+ nullable: true
+ description: Optional virtual sub-folder specifiying a path within the container. Logs will be archived under the path “{container-name}/{virtual sub-folder}”. Avoid leading and trailing slashes (/). For example, the prefix “region1” is good, but “/region1/” is not.
+ S3IamCredentials:
+ type: object
+ properties:
+ arn:
+ type: string
+ description: Amazon Resource Name (ARN) to uniquely identify the S3 bucket.
+ S3SecretCredentials:
+ type: object
+ required:
+ - accessKey
+ - secretKey
+ description: Authentication with S3 Secret Credentials is supported for backward compatibility. IAM roles are strongly recommended.
+ properties:
+ accessKey:
+ type: string
+ secretKey:
+ type: string
+ S3StorageSettings:
+ type: object
+ required:
+ - credentialsType
+ - path
+ description: Applicable settings when the `storageType` is `S3`.
+ properties:
+ credentialsType:
+ description: Specifies which credentials will be used for authentication. The options are either `KEYS` with `s3SecretCredentials`, or `IAM` with `s3IamCredentials`.
+ type: string
+ enum:
+ - IAM
+ - KEYS
+ path:
+ type: string
+ description: >-
+ Specify a path to the **root** of the S3 bucket. (Currently, archiving to a sub-bucket is supported, but not restoring from one.)
+
+ **Unique buckets** - It is important to archive each account/sub-account to a separate S3 bucket.
+ s3SecretCredentials:
+ $ref: '#/definitions/S3SecretCredentials'
+ s3IamCredentials:
+ $ref: '#/definitions/S3IamCredentials'
+ TestStorageRequest:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ archiveSettings:
+ $ref: '#/definitions/ArchiveSettings'
+
+ # ::::: SHIPPING TOKENS DEFINITIONS
+ ShippingTokensModel:
+ type: object
+ properties:
+ name:
+ type: string
+ description: This token's name.
+ example: apac prod
+ id:
+ type: integer
+ format: int32
+ description: This token's ID.
+ example: 786351
+ token:
+ type: string
+ description: The token itself.
+ example: 6bLXmMA6FLibc7ySSqNcCfvbhtqT0rPS
+ updatedAt:
+ type: string
+ description: Unix timestamp of when this token was last updated.
+ example: 414720000
+ updatedBy:
+ type: string
+ description: Email address of the last user to update this token.
+ example: shalom.the.mighty@gmail.com
+ createdAt:
+ type: string
+ description: Unix timestamp of when this token was created.
+ example: 389836800
+ createdBy:
+ type: string
+ description: Email address of the user who created this token.
+ example: you.got.this@gmail.com
+ enabled:
+ type: boolean
+ description: If this token is enabled, `true`. If it's disabled, `false`.
+ ShippingTokensRequest:
+ type: object
+ properties:
+ name:
+ type: string
+ description: Descriptive name for this token.
+ example: staging eu
+ enabled:
+ type: boolean
+ default: true
+ description: To enable this token, `true`. To disable, `false`.
+ ShippingTokensLimitsResponse:
+ type: object
+ properties:
+ maxAllowedTokens:
+ type: integer
+ format: int32
+ description: The number of log shipping tokens this account can have.
+ example: 50
+ numOfEnabledTokens:
+ type: integer
+ format: int32
+ description: The number of log shipping tokens currently enabled for this account.
+ example: 27
+ ShippingTokensSearchRequest:
+ type: object
+ properties:
+ filter:
+ $ref: '#/definitions/ShippingTokensFilterRequest'
+ sort:
+ type: array
+ description: Sorts the results before returning them.
+ items:
+ $ref: '#/definitions/ShippingTokensSortRequest'
+ pagination:
+ $ref: '#/definitions/Pagination'
+ ShippingTokensSortRequest:
+ type: object
+ properties:
+ field:
+ type: string
+ enum:
+ - CREATED_AT
+ - NAME
+ description: >-
+ To sort by creation date, use `"createdAt"`.
+ To sort by name, use `"name"`.
+ example: NAME
+ descending:
+ type: boolean
+ description: >-
+ For descending order, use `true`.
+ For ascending order, use `false`.
+
+ ShippingTokensFilterRequest:
+ type: object
+ required:
+ - enabled
+ description: Filters your search for token attributes.
+ properties:
+ enabled:
+ type: boolean
+ description: >-
+ Set to `true` to filter for enabled tokens.
+ Set to `false` to filter for disabled tokens.
+ PagedSearchResponseShippingTokensModel:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ results:
+ type: array
+ items:
+ $ref: '#/definitions/ShippingTokensModel'
+ pagination:
+ $ref: '#/definitions/Pagination'
+
+
+ # ::::: Alert DEFINITIONS
+ Aggregation:
+ type: object
+ description: Specifies a trigger condition that acts as a threshold.
+ properties:
+ aggregationType:
+ type: string
+ description: >-
+ Specifies the aggregation operator.
+
+
+ * If `COUNT`, `fieldToAggregateOn` must be null, and `groupBy` fields must not be empty.
+
+ * If `NONE`, `fieldToAggregateOn` must be null, and `groupBy` field must not be empty (or null).
+
+ * If `PERCENTAGE`, `valueToAggregateOn` must be specified.
+
+
+ * If any other operator type (other than `NONE` or `COUNT`), `fieldToAggregateOn` must not be null.
+ enum:
+ - SUM
+ - MIN
+ - MAX
+ - AVG
+ - COUNT
+ - UNIQUE_COUNT
+ - NONE
+ - PERCENTAGE
+ - PERCENTILE
+ fieldToAggregateOn:
+ type: string
+ description: >-
+ Selects the field on which to run the aggregation for the trigger condition.
+
+
+ * Cannot be a field already in use for `groupBy`.
+ valueToAggregateOn:
+ type: string
+ description: >-
+ Used by the `PERCENTAGE` aggregation to select the field’s value. This value is used to determine if its ratio out of the total amount of logs in the query satisfies the trigger condition.
+
+ * Only relevant for the `PERCENTAGE` aggregation.
+
+ AlertV2Response:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: Logz.io alert ID.
+ example: 627816
+ updatedAt:
+ type: string
+ description: Date and time in UTC when the alert was last updated.
+ example: 2020-04-02T18:58:16.000Z
+ updatedBy:
+ type: string
+ description: Email of the user who last updated the alert.
+ example: tomer@logz.io
+ createdAt:
+ type: string
+ description: Date and time in UTC when the alert was first created.
+ example: 2020-02-02T18:58:16.000Z
+ createdBy:
+ type: string
+ description: Email of the user who first created the alert.
+ example: tomer@logz.io
+ enabled:
+ type: boolean
+ description: If `true`, the alert is currently active.
+ exampe: true
+ title:
+ type: string
+ description: Alert title.
+ example: Excessive WARN levels in PROD
+ description:
+ type: string
+ description: A description of the event, its significance, and suggested next steps or instructions for the team.
+ example: Steps to remediate...
+ tags:
+ type: array
+ items:
+ type: string
+ description: Tags for filtering alerts and triggered alerts. Can be used in Kibana Discover, dashboards, and more.
+ example: [network, aws]
+ output:
+ $ref: '#/definitions/AlertOutput'
+ searchTimeFrameMinutes:
+ type: integer
+ minimum: 5
+ maximum: 1440
+ format: int32
+ description: >-
+ The time frame for evaluating the log data is a sliding window, with 1 minute granularity.
+
+
+ The recommended minimum and maximum values are not validated, but needed to guarantee the alert's accuracy.
+
+
+ The minimum recommended time frame is 5 minutes, as anything shorter will be less reliable and unnecessarily resource-heavy.
+
+
+ The maximum recommended time frame is 1440 minutes (24 hours). The alert runs on the index from today and yesterday (in UTC) and the maximum time frame increases throughout the day, reaching 48 hours exactly before midnight UTC.
+ subComponents:
+ type: array
+ description: Determines when the alert should trigger using any combination of a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ items:
+ $ref: '#/definitions/SubAlert'
+ correlations:
+ $ref: '#/definitions/SubAlertCorrelation'
+ schedule:
+ type: object
+ description: Defines the intervals in which an alert will be evaluated. This feature is still in production, but the payload already contains the data.
+ properties:
+ cronExpression:
+ type: string
+ description: Cron job for the intervals schedule.
+ timezone:
+ type: string
+ description: Time zone for the cron job. If no time zone is selected, UTC will be used by default.
+
+ AlertOutput:
+ type: object
+ description: Automatically sends out notifications with sample results when the alert triggers.
+ properties:
+ recipients:
+ $ref: '#/definitions/AlertRecipients'
+ suppressNotificationsMinutes:
+ type: integer
+ format: int32
+ minimum: 5
+ maximum: 1440
+ description: Add a waiting period in minutes to space out notifications. (The alert will still trigger but will not send out notifications during the waiting period.)
+ example: 60
+ type:
+ type: string
+ description: Selects the output format for the alert notification. If the alert has no aggregations/group by fields, `JSON` offers the option to send full sample logs without selecting specific fields.
+ enum:
+ - JSON
+ - TABLE
+ AlertQuery:
+ type: object
+ description: Determines when the alert should trigger using any combination of a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ properties:
+ query:
+ type: string
+ description: >-
+ Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs.
+
+
+ Cannot be null - send an asterisk wildcard `*` if not using a search query.
+ default: "*"
+ nullable: false
+ example: type:apache_access
+ filters:
+ $ref: '#/definitions/BoolFilter'
+ groupBy:
+ type: array
+ nullable: true
+ description: Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the alert returns a count of the results aggregated by unique values.
+ items:
+ type: string
+ maxItems: 3
+ minItems: 0
+ aggregation:
+ $ref: '#/definitions/Aggregation'
+ shouldQueryOnAllAccounts:
+ type: boolean
+ default: true
+ example: false
+ description: Only applicable when the alert is run from the main account. If `true`, the alert runs on the main account and all associated searchable sub accounts. If `false`, specify relevant account IDs for the alert to monitor using the `accountIdsToQueryOn` field.
+ accountIdsToQueryOn:
+ type: array
+ description: Specify Account IDs to select which accounts the alert should monitor. The alert will be checked only on these accounts.
+ items:
+ type: integer
+ format: int32
+ example: 2321
+
+ TriggeredAlertsResponse:
+ type: object
+ properties:
+ pageSize:
+ type: integer
+ description: Size of page returned.
+ example: 2
+ from:
+ type: integer
+ description: Of the results found, the first result to return.
+ example: 1
+ total:
+ type: integer
+ description: Total number of alerts retrieved.
+ example: 2
+ results:
+ type: array
+ description: Array of alerts retrieved by the search.
+ items:
+ type: object
+ properties:
+ alertId:
+ type: integer
+ description: Alert ID.
+ example: 1
+ name:
+ type: string
+ description: Alert name.
+ example: test
+ eventDate:
+ type: number
+ description: Alert date.
+ example: 1523970558.657000000
+ severity:
+ type: string
+ description: Alert severity
+ example: HIGH
+
+
+ AlertRecipients:
+ type: object
+ description: Add email addresses and/or endpoint channels to automatically receive notifications with sample data when the alert triggers.
+ properties:
+ emails:
+ type: array
+ description: Array of email addresses to be notified when the alert triggers.
+ items:
+ type: string
+ example: tom.a@logz.io
+ notificationEndpointIds:
+ type: array
+ description: Array of IDs of pre-configured endpoint channels to notify when the alert triggers.
+ items:
+ type: integer
+ format: int32
+
+ SubAlert:
+ type: object
+ properties:
+ queryDefinition:
+ $ref: '#/definitions/AlertQuery'
+ trigger:
+ $ref: '#/definitions/AlertTrigger'
+ output:
+ $ref: '#/definitions/SubAlertOutput'
+ SubAlertCorrelation:
+ type: object
+ description: >-
+ Only applicable when multiple sub-components are in use. Selects a logic for correlating the alert’s sub-components.
+
+
+ `AND` is currently the only supported operator. When `AND` is the `correlationOperator`, both sub-components must meet their triggering criteria for the alert to trigger.
+ properties:
+ correlationOperators:
+ type: array
+ items:
+ type: string
+ enum:
+ - AND
+
+ joins:
+ type: array
+ description: >-
+ Specifies which group by fields must have the same values to trigger the alert.
+
+
+ Joins the group by fields from the first and second sub-components. The key represents the index of the sub component in the array (See the example - the index of the first sub-component is 0, the second is 1).
+
+
+ The fields must be ordered pairs of the group by fields already in use in the `queryDefinition`.
+ items:
+ type: object
+ additionalProperties:
+ example: {0: "region", 1: "region"}
+ SubAlertOutput:
+ type: object
+ description: Selects the data output to be sent in the notification when the alert triggers. Not applicable, when grouping by fields or aggregating results, as the output is auto-selected.
+ properties:
+ shouldUseAllFields:
+ type: boolean
+ description: If `true`, the notification output will include entire logs with all of their fields in the sample data.
+ default: true
+ AlertV2Request:
+ type: object
+ required:
+ - title
+ - subComponents
+ properties:
+ title:
+ type: string
+ description: Alert title
+ example: Excessive WARN levels in PROD
+ description:
+ type: string
+ description: A description of the event, its significance, and suggested next steps or instructions for the team.
+ example: Steps to remediate...
+ tags:
+ type: array
+ items:
+ type: string
+ example: "network"
+ maxItems: 10
+ minItems: 0
+ description: Tags for filtering alerts and triggered alerts. Can be used in Kibana Discover, dashboards, and more.
+
+ output:
+ $ref: '#/definitions/AlertOutput'
+ searchTimeFrameMinutes:
+ type: integer
+ minimum: 5
+ maximum: 1440
+ format: int32
+ description: >-
+ The time frame for evaluating the log data is a sliding window, with 1 minute granularity.
+
+
+ The recommended minimum and maximum values are not validated, but needed to guarantee the alert's accuracy.
+
+
+ The minimum recommended time frame is 5 minutes, as anything shorter will be less reliable and unnecessarily resource-heavy.
+
+
+ The maximum recommended time frame is 1440 minutes (24 hours). The alert runs on the index from today and yesterday (in UTC) and the maximum time frame increases throughout the day, reaching 48 hours exactly before midnight UTC.
+
+
+ The default value is 5.
+ example: 20
+ subComponents:
+ type: array
+ description: Sets the search criteria using a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ items:
+ $ref: '#/definitions/SubAlert'
+ correlations:
+ $ref: '#/definitions/SubAlertCorrelation'
+ schedule:
+ type: object
+ description: Defines the frequency and the time frame in which an alert will be evaluated.
+ properties:
+ cronExpression:
+ type: string
+ description: Cron job for the intervals schedule.
+ example: "0 0/60 9-17 ? * * *"
+ timezone:
+ type: string
+ description: Time zone for the cron job. If no time zone is selected, UTC will be used by default.
+ example: "America/Sao_Paulo"
+ enabled:
+ type: boolean
+ description: If `true`, the alert is enabled and active. Default value is `true`.
+ AlertTrigger:
+ type: object
+ description: Sets the triggering threshold and severity tab to label the event when the alert triggers.
+ properties:
+ operator:
+ type: string
+ enum:
+ - LESS_THAN
+ - GREATER_THAN
+ - LESS_THAN_OR_EQUALS
+ - GREATER_THAN_OR_EQUALS
+ - EQUALS
+ - NOT_EQUALS
+ example: GREATER_THAN_OR_EQUALS
+ description: Specifies the operator for evaluating the results.
+ severityThresholdTiers:
+ type: object
+ description: >-
+ Sets a severity label per trigger threshold as a key:value pair.
+
+
+ If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per `enum` are allowed (for a total of 5 thresholds of increasing severities).
+
+
+ Increasing severity must adhere to the logic of the operator.
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ additionalProperties:
+ default:
+ MEDIUM: 10.0
+ example:
+ MEDIUM: 10.0
+ HIGH: 100.0
+ SEVERE: 300.0
+
+ BoolFilter:
+ type: object
+ description: Apply `must` and `must_not` filters to the monitoring alert. Filters are more efficient compared to a query, so it's recommended to opt for a filter over a query, where possible. See [Elasticsearch Bool-Query](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/query-dsl-bool-query.html) for more detail.
+ properties:
+ bool:
+ $ref: '#/definitions/FilterLists'
+ ColumnConfig:
+ type: object
+ description: Customize the alert output to be sent out in notifications when the alert triggers.
+ properties:
+ fieldName:
+ type: string
+ description: Specify the fields to be included in the notification.
+ regex:
+ type: string
+ description: Trims the data using regex filters. [Learn more](https://docs.logz.io/user-guide/alerts/regex-filters.html)
+ sort:
+ type: string
+ description: Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field).
+ enum:
+ - DESC
+ - ASC
+ FilterLists:
+ type: object
+ description: Runs Elasticsearch [Bool Query](https://www.elastic.co/guide/en/elasticsearch/reference/6.8/query-dsl-bool-query.html) filters on the data (before the search query is applied). The most efficient way to grab the logs you are looking for.
+ properties:
+ must:
+ type: array
+ items:
+ type: object
+ properties:
+ match_phrase:
+ type: object
+ properties:
+ Field:
+ type: object
+ properties:
+ query:
+ type: string
+ example: value
+ must_not:
+ type: array
+ items:
+ type: object
+ properties:
+ match_phrase:
+ type: object
+ properties:
+ Field:
+ type: object
+ properties:
+ query:
+ type: string
+ example: value
+ PagedSearchResponseString:
+ type: object
+ properties:
+ total:
+ type: integer
+ format: int32
+ results:
+ type: array
+ items:
+ type: string
+ pagination:
+ $ref: '#/definitions/Pagination'
+ TagsFilter:
+ type: object
+ properties:
+ searchTerm:
+ type: string
+ TagsSearchRequest:
+ type: object
+ properties:
+ filter:
+ $ref: '#/definitions/TagsFilter'
+ pagination:
+ $ref: '#/definitions/Pagination'
+
+
+ # ::::: SIEM RULES - duplicates of rule definitions. do not exist in the swagger
+
+ RuleV2Response:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: Logz.io rule ID.
+ example: 627816
+ updatedAt:
+ type: string
+ description: Date and time in UTC when the rule was last updated.
+ example: 2020-04-02T18:58:16.000Z
+ updatedBy:
+ type: string
+ description: Email of the user who last updated the rule.
+ example: tomer@logz.io
+ createdAt:
+ type: string
+ description: Date and time in UTC when the rule was first created.
+ example: 2020-02-02T18:58:16.000Z
+ createdBy:
+ type: string
+ description: Email of the user who first created the rule.
+ example: tomer@logz.io
+ enabled:
+ type: boolean
+ description: If `true`, the rule is currently active.
+ example: true
+ title:
+ type: string
+ description: Rule title.
+ example: Excessive WARN levels in PROD
+ description:
+ type: string
+ description: A description of the event, its significance, and suggested next steps or instructions for the team.
+ example: Steps to remediate...
+ tags:
+ type: array
+ items:
+ type: string
+ description: Tags for filtering rules and triggered rules. Can be used in Kibana Discover, dashboards, and more.
+ example: [network, aws]
+ output:
+ $ref: '#/definitions/RuleOutput'
+ searchTimeFrameMinutes:
+ type: integer
+ minimum: 5
+ maximum: 1440
+ format: int32
+ description: >-
+ The time frame for evaluating the log data is a sliding window, with 1 minute granularity.
+
+
+ The recommended minimum and maximum values are not validated, but needed to guarantee the rule's accuracy.
+
+
+ The minimum recommended time frame is 5 minutes, as anything shorter will be less reliable and unnecessarily resource-heavy.
+
+
+ The maximum recommended time frame is 1440 minutes (24 hours). The rule runs on the index from today and yesterday (in UTC) and the maximum time frame increases throughout the day, reaching 48 hours exactly before midnight UTC.
+ subComponents:
+ type: array
+ description: Determines when the rule should trigger using any combination of a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ items:
+ $ref: '#/definitions/SubRule'
+ correlations:
+ $ref: '#/definitions/SubRuleCorrelation'
+ schedule:
+ type: object
+ description: Defines the intervals in which an alert will be evaluated. This feature is still in production, but the payload already contains the data.
+ properties:
+ cronExpression:
+ type: string
+ description: Cron job for the intervals schedule.
+ timezone:
+ type: string
+ description: Time zone for the cron job. If no time zone is selected, UTC will be used by default.
+ RuleOutput:
+ type: object
+ description: Automatically sends out notifications with sample results when the rule triggers.
+ properties:
+ recipients:
+ $ref: '#/definitions/RuleRecipients'
+ suppressNotificationsMinutes:
+ type: integer
+ format: int32
+ minimum: 5
+ maximum: 1440
+ description: Add a waiting period in minutes to space out notifications. (The rule will still trigger but will not send out notifications during the waiting period.)
+ example: 60
+ type:
+ type: string
+ description: Selects the output format for the rule notification. If the rule has no aggregations/group by fields, `JSON` offers the option to send full sample logs without selecting specific fields.
+ enum:
+ - JSON
+ - TABLE
+ RuleQuery:
+ type: object
+ description: Determines when the rule should trigger using any combination of a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ properties:
+ query:
+ type: string
+ description: >-
+ Provide a Kibana search query written in Lucene syntax. The search query together with the filters select for the relevant logs.
+
+
+ Cannot be null - send an asterisk wildcard `*` if not using a search query.
+ default: "*"
+ nullable: false
+ example: type:apache_access
+ filters:
+ $ref: '#/definitions/BoolFilter'
+ groupBy:
+ type: array
+ nullable: true
+ description: Specify 1-3 fields by which to group the results and count them. If you apply a group by operation, the rule returns a count of the results aggregated by unique values.
+ items:
+ type: string
+ maxItems: 3
+ minItems: 0
+ aggregation:
+ $ref: '#/definitions/Aggregation'
+ shouldQueryOnAllAccounts:
+ type: boolean
+ default: true
+ example: false
+ description: Only applicable when the rule is run from the main account. If `true`, the rule runs on the main account and all associated searchable sub accounts. If `false`, specify relevant account IDs for the rule to monitor using the `accountIdsToQueryOn` field.
+ accountIdsToQueryOn:
+ type: array
+ description: Specify Account IDs to select which accounts the rule should monitor. The rule will be checked only on these accounts.
+ items:
+ type: integer
+ format: int32
+ example: 2321
+
+ RuleRecipients:
+ type: object
+ description: Add email addresses and/or endpoint channels to automatically receive notifications with sample data when the rule triggers.
+ properties:
+ emails:
+ type: array
+ description: Array of email addresses to be notified when the rule triggers.
+ items:
+ type: string
+ example: tom.a@logz.io
+ notificationEndpointIds:
+ type: array
+ description: Array of IDs of pre-configured endpoint channels to notify when the rule triggers.
+ items:
+ type: integer
+ format: int32
+ SubRule:
+ type: object
+ properties:
+ queryDefinition:
+ $ref: '#/definitions/RuleQuery'
+ trigger:
+ $ref: '#/definitions/RuleTrigger'
+ output:
+ $ref: '#/definitions/SubRuleOutput'
+ SubRuleCorrelation:
+ type: object
+ description: >-
+ Only applicable when multiple sub-components are in use. Selects a logic for correlating the rule’s sub-components.
+
+
+ `AND` is currently the only supported operator. When `AND` is the `correlationOperator`, both sub-components must meet their triggering criteria for the rule to trigger.
+ properties:
+ correlationOperators:
+ type: array
+ items:
+ type: string
+ enum:
+ - AND
+
+ joins:
+ type: array
+ description: >-
+ Specifies which group by fields must have the same values to trigger the rule.
+
+
+ Joins the group by fields from the first and second sub-components. The key represents the index of the sub component in the array (See the example - the index of the first sub-component is 0, the second is 1).
+
+
+ The fields must be ordered pairs of the group by fields already in use in the `queryDefinition`.
+ items:
+ type: object
+ additionalProperties:
+ example: {0: "region", 1: "region"}
+ SubRuleOutput:
+ type: object
+ description: Selects the data output to be sent in the notification when the rule triggers. Not applicable, when grouping by fields or aggregating results, as the output is auto-selected.
+ properties:
+ columns:
+ type: array
+ items:
+ $ref: '#/definitions/ColumnConfig'
+ #shouldUseAllFields:
+ # type: boolean
+ # description: If `true`, the notification output will include entire logs with all of their fields in the sample data.
+ # default: true
+ RuleV2Request:
+ type: object
+ required:
+ - subComponents
+ properties:
+ title:
+ type: string
+ description: Rule title
+ example: Excessive WARN levels in PROD
+ description:
+ type: string
+ description: A description of the event, its significance, and suggested next steps or instructions for the team.
+ example: Steps to remediate...
+ tags:
+ type: array
+ items:
+ type: string
+ maxItems: 25
+ minItems: 0
+ description: Tags for filtering rules and triggered rules. Can be used in Kibana Discover, dashboards, and more.
+ example: network
+ output:
+ $ref: '#/definitions/RuleOutput'
+ searchTimeFrameMinutes:
+ type: integer
+ minimum: 5
+ maximum: 1440
+ format: int32
+ description: >-
+ The time frame for evaluating the log data is a sliding window, with 1 minute granularity.
+
+
+ The recommended minimum and maximum values are not validated, but needed to guarantee the rule's accuracy.
+
+
+ The minimum recommended time frame is 5 minutes, as anything shorter will be less reliable and unnecessarily resource-heavy.
+
+
+ The maximum recommended time frame is 1440 minutes (24 hours). The rule runs on the index from today and yesterday (in UTC) and the maximum time frame increases throughout the day, reaching 48 hours exactly before midnight UTC.
+ example: 20
+ subComponents:
+ type: array
+ description: Sets the search criteria using a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ items:
+ $ref: '#/definitions/SubRule'
+ correlations:
+ $ref: '#/definitions/SubRuleCorrelation'
+ enabled:
+ type: boolean
+ description: If `true`, the alert is enabled and active.
+ RuleTrigger:
+ type: object
+ description: Sets the triggering threshold and severity tab to label the event when the rule triggers.
+ properties:
+ operator:
+ type: string
+ enum:
+ - LESS_THAN
+ - GREATER_THAN
+ - LESS_THAN_OR_EQUALS
+ - GREATER_THAN_OR_EQUALS
+ - EQUALS
+ - NOT_EQUALS
+ example: GREATER_THAN_OR_EQUALS
+ description: Specifies the operator for evaluating the results.
+ severityThresholdTiers:
+ type: object
+ description: >-
+ Sets a severity label per trigger threshold as a key:value pair.
+
+
+ If using more than one sub-component, only 1 severityThresholdTiers is allowed. Otherwise, 1 per `enum` are allowed (for a total of 5 thresholds of increasing severities).
+
+
+ Increasing severity must adhere to the logic of the operator.
+ enum:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - SEVERE
+ additionalProperties:
+ default:
+ MEDIUM: 10.0
+ example:
+ MEDIUM: 10.0
+ HIGH: 100.0
+ SEVERE: 300.0
+
+ RuleColumnConfig:
+ type: object
+ description: Customize the rule output to be sent out in notifications when the rule triggers.
+ properties:
+ fieldName:
+ type: string
+ description: Specify the fields to be included in the notification.
+ regex:
+ type: string
+ description: Trims the data using regex filters. [Learn more](https://docs.logz.io/user-guide/alerts/regex-filters.html)
+ sort:
+ type: string
+ description: Specify a single field to sort by. The field cannot be an analyzed field (a field that supports free text search or searching by part of a message, such as the 'message' field).
+ enum:
+ - DESC
+ - ASC
+
+ SecurityRuleResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: Logz.io security rule ID.
+ example: 627816
+ updatedAt:
+ type: string
+ description: Date and time in UTC when the rule was last updated.
+ example: 2020-04-02T18:58:16.000Z
+ updatedBy:
+ type: string
+ description: Email of the user who last updated the rule.
+ example: tomer@logz.io
+ createdAt:
+ type: string
+ description: Date and time in UTC when the rule was first created updated.
+ example: 2020-02-02T18:58:16.000Z
+ createdBy:
+ type: string
+ description: Email of the user who first created the rule.
+ example: tomer@logz.io
+ enabled:
+ type: boolean
+ description: If `true`, the rule is currently active.
+ exampe: true
+ title:
+ type: string
+ description: Rule title.
+ example: Excessive WARN levels in PROD
+ description:
+ type: string
+ description: A description of the event, its significance, and suggested next steps or instructions for the team.
+ example: Steps to remediate...
+ tags:
+ type: array
+ items:
+ type: string
+ description: Tags for filtering rules and triggered rules. Can be used in Kibana Discover, dashboards, and more.
+ example: [network, aws]
+ output:
+ $ref: '#/definitions/RuleOutput'
+ searchTimeFrameMinutes:
+ type: integer
+ minimum: 5
+ maximum: 1440
+ format: int32
+ description: >-
+ The time frame for evaluating the log data is a sliding window, with 1 minute granularity.
+
+
+ The recommended minimum and maximum values are not validated, but needed to guarantee the rule's accuracy.
+
+
+ The minimum recommended time frame is 5 minutes, as anything shorter will be less reliable and unnecessarily resource-heavy.
+
+
+ The maximum recommended time frame is 1440 minutes (24 hours). The rule runs on the index from today and yesterday (in UTC) and the maximum time frame increases throughout the day, reaching 48 hours exactly before midnight UTC.
+ subComponents:
+ type: array
+ description: Determines when the rule should trigger using any combination of a search query, filters, group by aggregations, accounts to search, and trigger conditions.
+ items:
+ $ref: '#/definitions/SubRule'
+ correlations:
+ $ref: '#/definitions/SubRuleCorrelation'
+ protected:
+ type: boolean
+ description: >-
+ If `true`, the rule is pre-defined by Logz.io. Protected parameters cannot be edited. The only parameters that can be edited are
+
+
+ * `shouldQueryOnAllAccounts`
+
+ * `accountIdsToQueryOn`
+
+ * `severityThresholdTiers`
+
+ * `tags`
+
+ * `description`
+
+ * `enabled`
+
+ * `output` (in `subComponents`)
+
+ * `searchTimeFrameMinutes`
+ schedule:
+ type: object
+ description: Defines the intervals in which an alert will be evaluated. This feature is still in production, but the payload already contains the data.
+ properties:
+ cron:
+ type: string
+ description: Cron job for the intervals schedule.
+ timezone:
+ type: string
+ description: Time zone for the cron job. If no time zone is selected, UTC will be used by default.
+ mitreTags:
+ type: array
+ items:
+ type: string
+ description: Tags used for classifying, discussing, and interpreting security incidents. This feature is currently under development.
+
+ # ::::: RESTORE FROM ARCHIVE DEFINITIONS
+ RestoreAccountConfiguration:
+ type: object
+ properties:
+ accountId:
+ type: integer
+ format: int32
+ description: ID of the restored account in Logz.io
+ maxActiveRestoreAccounts:
+ type: integer
+ format: int32
+ maxInProgressRestoresPerAccount:
+ type: integer
+ format: int32
+ maxRestoreDurationInHours:
+ type: integer
+ format: int32
+ accountExpirationTimeInDays:
+ type: integer
+ format: int32
+ maxVolumeInGB:
+ type: number
+ format: float
+ RestoreApiResponse:
+ type: object
+ properties:
+ id:
+ type: integer
+ format: int32
+ description: ID of the restore operation in Logz.io
+ example: 42
+ accountId:
+ type: integer
+ format: int32
+ description: ID of the restored account in Logz.io
+ example: 564321
+ accountName:
+ type: string
+ description: Name of the restored account
+ example: My account name
+ restoredVolumeGb:
+ type: number
+ format: float
+ nullable: true
+ description: Volume of data restored so far. If the restore operation is still in progress, this will be continuously updated.
+ example: 99
+ status:
+ type: string
+ enum:
+ - IN_PROGRESS
+ - ACTIVE
+ - LIMIT_EXCEEDED
+ - ABORTED
+ - FAILED
+ - DELETED
+ - EXPIRED
+ description: >-
+ Returns the current status of the restored account.
+
+ - IN_PROGRESS - Data is being restored and is not yet available for querying or searching in Kibana.
+
+ - ACTIVE - The restored account is active and available for searching and querying in Kibana. Be sure to search the data in its original timestamp.
+
+ - LIMIT_EXCEEDED - The data exceeded 100 GB and caused the restore action to fail.
+
+ - ABORTED - A user aborted the restore operation before it completed. Only one account can be restored at a time.
+
+ - FAILED - The restored account failed to restore the data.
+
+ - DELETED - The restored account was deleted by a user.
+
+ - EXPIRED - Restored accounts automatically expire after a number of days, as indicated by `expiresAt`.
+ example: ACTIVE
+ startTime:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the earliest logs to be restored.
+ example: 1589947200.000000000
+ endTime:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the latest logs to be restored.
+ example: 1589954400.000000000
+ createdAt:
+ type: integer
+ format: int64
+ description: Timestamp when the restore process was created and entered the queue. (Since only one account can be restored at a time, the process may not initiate immediately.)
+ example: 1591902426.000000000
+ startedAt:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds when the restore process initiated.
+ nullable: true
+ example: 1591902428.000000000
+ finishedAt:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds when the restore process completed.
+ nullable: true
+ example: 1591902461.000000000
+ expiresAt:
+ type: integer
+ format: int64
+ nullable: true
+ description: UNIX timestamp in milliseconds specifying when the account is due to expire. Restored accounts expire automatically after a number of days, as specified in the account's terms.
+ example: 1592334461.000000000
+ RestoreApiRequest:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Name of the restored account
+ example: My account name
+ startTime:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the earliest logs to be restored.
+ example: 1589947200.000000000
+ endTime:
+ type: integer
+ format: int64
+ description: UNIX timestamp in milliseconds specifying the latest logs to be restored.
+ example: 1589954400.000000000
+
+ RestoreRequest:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Name of Account
+ example:
+ archiveSettingsId:
+ type: integer
+ format: int32
+ description: Archive Settings Id
+ example:
+ startTime:
+ type: integer
+ format: int64
+ description: Restore Start Time
+ example:
+ endTime:
+ type: integer
+ format: int64
+ description: Restore End Time
+ example: