HTTP API queries
Requests
HTTP API queries are made using JSON over HTTPS (referred to here as HTTP requests). These API calls can be made with a variety of tools and programming languages (for API calls made with gRPC see the gRPC documentation).
To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.
Requirements
All requests must use HTTPS. Calls made over plain HTTP will fail.
Any request that lacks proper authentication will be rejected. To authenticate, add an Authorization Bearer <cx_api_key> header to your API request. It contains a Bearer Token, which identifies a single user, bot user, or workspace-application relationship for authentication.
Use the DataPrime endpoint that matches your Coralogix domain.
Request payload body
When submitting data to a resource via POST, you must submit your payload in JSON. The only required field in the API body is query. All other fields are optional and form the metadata object.
Note
Background queries require more fields than just query. See background queries below.
The following example consists of a JSON object that represents the request:
{
"query": "source logs | limit 100",
"metadata": { // metadata object is optional
"tier": "TIER_FREQUENT_SEARCH", // TIER_ARCHIVE for long term storage
"syntax": "QUERY_SYNTAX_DATAPRIME", // QUERY_SYNTAX_LUCENE for Lucene queries
"startDate": "2023-05-29T11:20:00.00Z", // UTC
"endDate": "2023-05-29T11:30:00.00Z", // UTC
"defaultSource": "logs"
}
}
Note
If the time zone of your timestamp differs, convert it to UTC or offset the timestamp to your time zone by navigating to Account settings > Preferences > Change your time zone settings. For example, to start the query at 11:20 local time:
In San Francisco (Pacific Daylight Time): 2023-05-29T11:20:00.00-07:00
In India (India Standard Time): 2023-05-29T11:20:00.00+05:30
Note
When querying archived logs using the API, you must explicitly specify "tier": "TIER_ARCHIVE" in the metadata object of your request. Otherwise, the default is "tier": "TIER_FREQUENT_SEARCH".
Direct API query
https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query
curl --location 'https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <API key>' \
--data '{
"query": "source logs | limit 10"
}'
Note
When working with curl or similar command-line tools to make JSON over HTTP API requests, it's important to understand how your shell (typically Bash) processes quotes inside command arguments. This becomes especially relevant when your request payload includes JSON — and even more so when the JSON contains both single and double quotes. Find out more here.
import requests
import json
endpoint = "https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query"
api_key = "<API key>"
headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {api_key}"
}
payload = {"query": "source logs | limit 10"}
response = requests.post(endpoint, headers=headers, json=payload)
if response.status_code == 200:
try:
for part in response.text.strip().split("\n"):
print(json.loads(part))
except json.JSONDecodeError:
print("Response is not valid JSON:")
print(response.text)
else:
print(f"Request failed with status code {response.status_code}")
print(response.text)
const endpoint = 'https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query';
const apiKey = '<API key>';
const payload = {
query: 'source logs | limit 10',
};
fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${apiKey}`,
},
body: JSON.stringify(payload),
})
.then(async (res) => {
const text = await res.text();
if (!res.ok) throw new Error(`HTTP ${res.status}`);
console.log('Status:', res.status);
console.log('Response:', text);
})
.catch(err => {
console.error('Error:', err);
});
package main
import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
url := "https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query"
apiKey := "<API key>"
payload := []byte(`{
"query": "source logs | limit 10"
}`)
req, err := http.NewRequest("POST", url, bytes.NewBuffer(payload))
if err != nil {
fmt.Println("Error creating request:", err)
return
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer "+apiKey)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println("Request error:", err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println("Error reading response:", err)
return
}
fmt.Println("Status:", resp.Status)
fmt.Println("Response:")
fmt.Println(string(body))
}
<?php
$url = "https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query";
$apiKey = "<API key>";
$payload = [
"query" => "source logs | limit 10"
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
"Authorization: Bearer $apiKey"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
$response = curl_exec($ch);
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo "Status: $httpStatus\n";
echo "Response: $response\n";
?>
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
public class CoralogixQuery {
public static void main(String[] args) throws Exception {
String endpoint = "https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query";
String apiKey = "<API key>";
URL url = new URL(endpoint);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Authorization", "Bearer " + apiKey);
con.setDoOutput(true);
String payload = "{\"query\": \"source logs | limit 10\"}";
try (OutputStream os = con.getOutputStream()) {
byte[] input = payload.getBytes("utf-8");
os.write(input, 0, input.length);
}
int status = con.getResponseCode();
InputStream responseStream = (status < 400) ? con.getInputStream() : con.getErrorStream();
BufferedReader in = new BufferedReader(new InputStreamReader(responseStream));
String line;
StringBuilder response = new StringBuilder();
while ((line = in.readLine()) != null) {
response.append(line.trim());
}
in.close();
System.out.println("Status: " + status);
System.out.println("Response: " + response.toString());
}
}
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program {
static async Task Main() {
var client = new HttpClient();
var url = "https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/query";
var apiKey = "<API key>";
var payload = "{\"query\": \"source logs | limit 10\"}";
var content = new StringContent(payload, Encoding.UTF8, "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
var response = await client.PostAsync(url, content);
var result = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Status: {(int)response.StatusCode}");
Console.WriteLine("Response:");
Console.WriteLine(result);
}
}
API response
The Content-Type representation header is used to indicate the original media type of the resource (before any content encoding is applied for sending). In responses, a Content-Type header provides the client with the actual content type of the returned content.
Correct results are returned in batches. Each batch may contain multiple rows of results, which are returned as Newline Delimited JSON or ndjson format.
The response will consist of 2 JSON objects. The first will contain the queryId and the second will contain the result of the DataPrime query.
{
"queryId": {
"queryId": "12345678-07f8-4313-1234-d954b1b45d31"
}
}
{
"result": {
"results": [
{
"metadata": [
{
"key": "logid",
"value": "c3ca5343-88dc-4807-a8f3-82832274afb7"
}
],
"labels": [
{
"key": "applicationname",
"value": "staging"
}
],
"userData": "{ ... \"log_obj\":{\"level\":\"INFO\",\"message\":\"some log message\" ... }, ...}"
}
]
}
}
Background queries HTTP API overview
The Background Queries JSON over HTTP API enables you to run high-latency, long-running queries asynchronously using DataPrime or Lucene syntax from scripts or CLI. Ideal for recurring, extensive analytical tasks—such as monthly or quarterly reports—this feature operates in the background, allowing you to continue active monitoring within the Coralogix platform.
Submit a background query
https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/background-query
In addition to the query field, syntax, startDate, and endDate are required fields for background queries.
Note
The structure of the query below is different from direct queries above, specifically that background queries don't contain the matadata nested object.
{
"query": "source logs",
"syntax": "QUERY_SYNTAX_DATAPRIME", // QUERY_SYNTAX_LUCENE for Lucene
"startDate": "2025-01-20T00:00:00Z", // UTC
"endDate": "2025-01-20T01:00:00Z", // UTC
"nowDate": "2025-01-20T02:00:00Z", // (optional field) UTC
"tier": "TIER_ARCHIVE", // (optional field) TIER_FREQUENT_SEARCH for Frequent Search
"limit": 2000 // (optional field) Max number of results. Default is 2000
}
curl --location 'https://ng-api-http.coralogix.com/api/v1/dataprime/background-query' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <API key>' \
--data '{
"query": "source logs | limit 101",
"syntax": "QUERY_SYNTAX_DATAPRIME",
"startDate": "2025-01-20T00:00:00Z",
"endDate": "2025-01-20T01:00:00Z",
"nowDate": "2025-01-20T02:00:00Z"
}'
import requests
import json
endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query"
api_key = "<API key>"
headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {api_key}"
}
payload = {"query": "source logs | limit 10"}
response = requests.post(endpoint, headers=headers, json=payload)
if response.status_code == 200:
try:
for part in response.text.strip().split("\n"):
print(json.loads(part))
except json.JSONDecodeError:
print("Response is not valid JSON:")
print(response.text)
else:
print(f"Request failed with status code {response.status_code}")
print(response.text)
const endpoint = 'https://ng-api-http.coralogix.com/api/v1/dataprime/background-query';
const apiKey = '<API key>';
const payload = {
query: "source logs | limit 101",
syntax: "QUERY_SYNTAX_DATAPRIME",
startDate: "2025-01-20T00:00:00Z",
endDate: "2025-01-20T01:00:00Z",
nowDate: "2025-01-20T02:00:00Z"
};
fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${apiKey}`,
},
body: JSON.stringify(payload),
})
.then(async (res) => {
const text = await res.text();
if (!res.ok) throw new Error(`HTTP ${res.status}`);
console.log('Status:', res.status);
console.log('Response:', text);
})
.catch(err => {
console.error('Error:', err);
});
package main
import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
url := "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query"
apiKey := "<API key>"
payload := []byte(`{
"query": "source logs | limit 101",
"syntax": "QUERY_SYNTAX_DATAPRIME",
"startDate": "2025-01-20T00:00:00Z",
"endDate": "2025-01-20T01:00:00Z",
"nowDate": "2025-01-20T02:00:00Z"
}`)
req, err := http.NewRequest("POST", url, bytes.NewBuffer(payload))
if err != nil {
fmt.Println("Error creating request:", err)
return
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer "+apiKey)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println("Request error:", err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println("Error reading response:", err)
return
}
fmt.Println("Status:", resp.Status)
fmt.Println("Response:")
fmt.Println(string(body))
}
<?php
$url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query";
$apiKey = "<API key>";
$payload = [
"query" => "source logs | limit 101",
"syntax" => "QUERY_SYNTAX_DATAPRIME",
"startDate" => "2025-01-20T00:00:00Z",
"endDate" => "2025-01-20T01:00:00Z",
"nowDate" => "2025-01-20T02:00:00Z"
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
"Authorization: Bearer $apiKey"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
$response = curl_exec($ch);
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo "Status: $httpStatus\n";
echo "Response: $response\n";
?>
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
public class CoralogixQuery {
public static void main(String[] args) throws Exception {
String endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query";
String apiKey = "<API key>";
URL url = new URL(endpoint);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Authorization", "Bearer " + apiKey);
con.setDoOutput(true);
String payload = """
{
"query": "limit 101",
"syntax": "QUERY_SYNTAX_DATAPRIME",
"startDate": "2025-01-20T00:00:00Z",
"endDate": "2025-01-20T01:00:00Z",
"nowDate": "2025-01-20T02:00:00Z"
}
""";
try (OutputStream os = con.getOutputStream()) {
byte[] input = payload.getBytes("utf-8");
os.write(input, 0, input.length);
}
int status = con.getResponseCode();
InputStream responseStream = (status < 400) ? con.getInputStream() : con.getErrorStream();
BufferedReader in = new BufferedReader(new InputStreamReader(responseStream));
String line;
StringBuilder response = new StringBuilder();
while ((line = in.readLine()) != null) {
response.append(line.trim());
}
in.close();
System.out.println("Status: " + status);
System.out.println("Response: " + response.toString());
}
}
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program {
static async Task Main() {
var client = new HttpClient();
var url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query";
var apiKey = "<API key>";
var payload = "{"
+ "\"query\": \"limit 101\","
+ "\"syntax\": \"QUERY_SYNTAX_DATAPRIME\","
+ "\"startDate\": \"2025-01-20T00:00:00Z\","
+ "\"endDate\": \"2025-01-20T01:00:00Z\","
+ "\"nowDate\": \"2025-01-20T02:00:00Z\""
+ "}";
var content = new StringContent(payload, Encoding.UTF8, "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
var response = await client.PostAsync(url, content);
var result = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Status: {(int)response.StatusCode}");
Console.WriteLine("Response:");
Console.WriteLine(result);
}
}
Response
Get status of a background query
https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/background-query/status
import requests
import json
endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/status"
api_key = "<API key>"
headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {api_key}"
}
payload = {"queryId": "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"}
response = requests.post(endpoint, headers=headers, json=payload)
if response.status_code == 200:
try:
for part in response.text.strip().split("\n"):
print(json.loads(part))
except json.JSONDecodeError:
print("Response is not valid JSON:")
print(response.text)
else:
print(f"Request failed with status code {response.status_code}")
print(response.text)
const endpoint = 'https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/status';
const apiKey = '<API key>';
const payload = {queryId: "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"};
fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${apiKey}`,
},
body: JSON.stringify(payload),
})
.then(async (res) => {
const text = await res.text();
if (!res.ok) throw new Error(`HTTP ${res.status}`);
console.log('Status:', res.status);
console.log('Response:', text);
})
.catch(err => {
console.error('Error:', err);
});
package main
import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
url := "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/status"
apiKey := "<API key>"
payload := []byte(`{"queryId": "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"}`)
req, err := http.NewRequest("POST", url, bytes.NewBuffer(payload))
if err != nil {
fmt.Println("Error creating request:", err)
return
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer "+apiKey)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println("Request error:", err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println("Error reading response:", err)
return
}
fmt.Println("Status:", resp.Status)
fmt.Println("Response:")
fmt.Println(string(body))
}
<?php
$url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/status";
$apiKey = "<API key>";
$payload = ["queryId" => "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
"Authorization: Bearer $apiKey"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
$response = curl_exec($ch);
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo "Status: $httpStatus\n";
echo "Response: $response\n";
?>
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
public class CoralogixQuery {
public static void main(String[] args) throws Exception {
String endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/status";
String apiKey = "<API key>";
URL url = new URL(endpoint);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Authorization", "Bearer " + apiKey);
con.setDoOutput(true);
String payload = "{\"queryId\": \"c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64\"}";
try (OutputStream os = con.getOutputStream()) {
byte[] input = payload.getBytes("utf-8");
os.write(input, 0, input.length);
}
int status = con.getResponseCode();
InputStream responseStream = (status < 400) ? con.getInputStream() : con.getErrorStream();
BufferedReader in = new BufferedReader(new InputStreamReader(responseStream));
String line;
StringBuilder response = new StringBuilder();
while ((line = in.readLine()) != null) {
response.append(line.trim());
}
in.close();
System.out.println("Status: " + status);
System.out.println("Response: " + response.toString());
}
}
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program {
static async Task Main() {
var client = new HttpClient();
var url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/status";
var apiKey = "<API key>";
var payload = "{\"queryId\": \"c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64\"}"
var content = new StringContent(payload, Encoding.UTF8, "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
var response = await client.PostAsync(url, content);
var result = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Status: {(int)response.StatusCode}");
Console.WriteLine("Response:");
Console.WriteLine(result);
}
}
Response
{
"terminated": {
"runningSince": "2025-01-23T15:16:01Z",
"terminatedAt": "2025-01-23T15:16:01Z",
"success": {}
},
"submittedAt": "2025-01-23T15:15:58Z",
"metadata": [
{
"statistics": {
"bytesScanned": "506070"
}
}
],
"warnings": []
}
Cancel a background query
https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/background-query/cancel
import requests
import json
endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/cancel"
api_key = "<API key>"
headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {api_key}"
}
payload = {"queryId": "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"}
response = requests.post(endpoint, headers=headers, json=payload)
if response.status_code == 200:
try:
for part in response.text.strip().split("\n"):
print(json.loads(part))
except json.JSONDecodeError:
print("Response is not valid JSON:")
print(response.text)
else:
print(f"Request failed with status code {response.status_code}")
print(response.text)
const endpoint = 'https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/cancel';
const apiKey = '<API key>';
const payload = {queryId: "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"};
fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${apiKey}`,
},
body: JSON.stringify(payload),
})
.then(async (res) => {
const text = await res.text();
if (!res.ok) throw new Error(`HTTP ${res.status}`);
console.log('Status:', res.status);
console.log('Response:', text);
})
.catch(err => {
console.error('Error:', err);
});
package main
import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
url := "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/cancel"
apiKey := "<API key>"
payload := []byte(`{"queryId": "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"}`)
req, err := http.NewRequest("POST", url, bytes.NewBuffer(payload))
if err != nil {
fmt.Println("Error creating request:", err)
return
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer "+apiKey)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println("Request error:", err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println("Error reading response:", err)
return
}
fmt.Println("Status:", resp.Status)
fmt.Println("Response:")
fmt.Println(string(body))
}
<?php
$url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/cancel";
$apiKey = "<API key>";
$payload = ["queryId" => "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
"Authorization: Bearer $apiKey"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
$response = curl_exec($ch);
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo "Status: $httpStatus\n";
echo "Response: $response\n";
?>
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
public class CoralogixQuery {
public static void main(String[] args) throws Exception {
String endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/cancel";
String apiKey = "<API key>";
URL url = new URL(endpoint);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Authorization", "Bearer " + apiKey);
con.setDoOutput(true);
String payload = "{\"queryId\": \"c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64\"}";
try (OutputStream os = con.getOutputStream()) {
byte[] input = payload.getBytes("utf-8");
os.write(input, 0, input.length);
}
int status = con.getResponseCode();
InputStream responseStream = (status < 400) ? con.getInputStream() : con.getErrorStream();
BufferedReader in = new BufferedReader(new InputStreamReader(responseStream));
String line;
StringBuilder response = new StringBuilder();
while ((line = in.readLine()) != null) {
response.append(line.trim());
}
in.close();
System.out.println("Status: " + status);
System.out.println("Response: " + response.toString());
}
}
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program {
static async Task Main() {
var client = new HttpClient();
var url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/cancel";
var apiKey = "<API key>";
var payload = "{\"queryId\": \"c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64\"}"
var content = new StringContent(payload, Encoding.UTF8, "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
var response = await client.PostAsync(url, content);
var result = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Status: {(int)response.StatusCode}");
Console.WriteLine("Response:");
Console.WriteLine(result);
}
}
Response
Get background query data
https://ng-api-http.<span class="domain-value"></span>/api/v1/dataprime/background-query/data
import requests
import json
endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/data"
api_key = "<API key>"
headers = {
"Content-Type": "application/json",
"Authorization": f"Bearer {api_key}"
}
payload = {"queryId": "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"}
response = requests.post(endpoint, headers=headers, json=payload)
if response.status_code == 200:
try:
for part in response.text.strip().split("\n"):
print(json.loads(part))
except json.JSONDecodeError:
print("Response is not valid JSON:")
print(response.text)
else:
print(f"Request failed with status code {response.status_code}")
print(response.text)
const endpoint = 'https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/data';
const apiKey = '<API key>';
const payload = {queryId: "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"};
fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${apiKey}`,
},
body: JSON.stringify(payload),
})
.then(async (res) => {
const text = await res.text();
if (!res.ok) throw new Error(`HTTP ${res.status}`);
console.log('Status:', res.status);
console.log('Response:', text);
})
.catch(err => {
console.error('Error:', err);
});
package main
import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
url := "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/data"
apiKey := "<API key>"
payload := []byte(`{"queryId": "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"}`)
req, err := http.NewRequest("POST", url, bytes.NewBuffer(payload))
if err != nil {
fmt.Println("Error creating request:", err)
return
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer "+apiKey)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println("Request error:", err)
return
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Println("Error reading response:", err)
return
}
fmt.Println("Status:", resp.Status)
fmt.Println("Response:")
fmt.Println(string(body))
}
<?php
$url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/data";
$apiKey = "<API key>";
$payload = ["queryId" => "c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64"];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
"Authorization: Bearer $apiKey"
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
$response = curl_exec($ch);
$httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo "Status: $httpStatus\n";
echo "Response: $response\n";
?>
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
public class CoralogixQuery {
public static void main(String[] args) throws Exception {
String endpoint = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/data";
String apiKey = "<API key>";
URL url = new URL(endpoint);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Authorization", "Bearer " + apiKey);
con.setDoOutput(true);
String payload = "{\"queryId\": \"c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64\"}";
try (OutputStream os = con.getOutputStream()) {
byte[] input = payload.getBytes("utf-8");
os.write(input, 0, input.length);
}
int status = con.getResponseCode();
InputStream responseStream = (status < 400) ? con.getInputStream() : con.getErrorStream();
BufferedReader in = new BufferedReader(new InputStreamReader(responseStream));
String line;
StringBuilder response = new StringBuilder();
while ((line = in.readLine()) != null) {
response.append(line.trim());
}
in.close();
System.out.println("Status: " + status);
System.out.println("Response: " + response.toString());
}
}
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
class Program {
static async Task Main() {
var client = new HttpClient();
var url = "https://ng-api-http.coralogix.com/api/v1/dataprime/background-query/data";
var apiKey = "<API key>";
var payload = "{\"queryId\": \"c80fa3e7-fa5b-441a-b0d4-acdbdbe36e64\"}"
var content = new StringContent(payload, Encoding.UTF8, "application/json");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
var response = await client.PostAsync(url, content);
var result = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Status: {(int)response.StatusCode}");
Console.WriteLine("Response:");
Console.WriteLine(result);
}
}
Response
{
"response": {
"results": {
"results": [
{
"metadata": [...],
"labels": [...],
"userData": "..."
},
...
]
}
}
},
{
...
}
...
Responses
The Content-Type representation header indicates the original media type of the resource before any content encoding is applied for transmission.
In responses, the Content-Type header informs the client of the actual content type of the returned data.
Data endpoint results are returned in batches, with each batch containing multiple rows formatted as Newline Delimited JSON (NDJSON). Other types of responses are returned in standard JSON format.
Failed requests
The general format guidelines are displayed when the accompanying status code is returned.
| Status code | Description |
|---|---|
| 200 | No Error |
| 400 | Bad Request |
| 403 | Forbidden |
A 400 error typically means the user made a malformed request.
A 403 error typically means that there was problem with the API key. See your API keys page or administrator for more information.
Warnings
The Warning response contains information about possible problems with the status of the message. More than one Warning header may appear in a response.
Warning responses can be applied to any message, before or after query results.
| Warning type | Description |
|---|---|
| CompileWarning | Warning of potential compilation error in your query. In the event of a compilation failure, you will receive an error response. |
| TimeRangeWarning | When the time frame for your query has been built incorrectly or exceeds internal limits |
| NumberOfResultsLimitWarning | When the number of query results exceeds internal limits |
| BytesScannedLimitWarning | When the number of bytes returned in query results exceeds internal limits |
| DeprecationWarning | When a value in your query is changed or deprecated incorrectly |
Limitations
Background Queries are designed for extended operations and have the following limitations:
- Execution time: Queries are limited to a maximum execution time of 30 minutes, compared to 5 minutes in Explore.
- Data latency: Results may take longer to process due to the extended time ranges and larger data scans supported.
- Queued or pending queries: When a limit of 50 is reached, new queries cannot be submitted. Queries will remain queued until your team quota rises above zero.
When a limit is reached, a warning message is displayed. To prevent hitting these limits, refine your DataPrime queries using techniques outlined in this troubleshooting guide.
Warnings are returned when a limit is breached. See the limitations page for more details.
Previous 
API queries
API queries Next gRPC API queries
Theme 
Light
light
dark
Light light dark
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal