Coralogix provides an Elastic API that allows you to query your hosted Elasticsearch instances securely and with ease.
In order to use the Elasticsearch API it is necessary to:
| Cluster | Your team URL | Elasticsearch API |
|---|---|---|
| EU | coralogix.com | https://coralogix-esapi.coralogix.com:9443 |
| IN | app.coralogix.in | https://es-api.app.coralogix.in:9443 |
| US | app.coralogix.us | https://esapi.coralogix.us:9443 |
| EU2 | app.eu2.coralogix.com | https://es-api.eu2.coralogix.com:9443 |
| SG | app.coralogixsg.com | https://es-api.coralogixsg.com:9443 |
The API request should contain the following:
Examples:
```bash
# ES_API is the Elasticsearch API URL for your cluster from the table above
# (e.g. https://esapi.coralogix.us:9443); requests go to the standard
# Elasticsearch /_search endpoint. The token header carries your Logs Query Key.
# This example filters the last 15 minutes of the PROD application and
# aggregates the matching logs by severity.
curl -H 'token: Logs Query Key' -H "Content-type: application/json" "$ES_API/_search" -d '{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "coralogix.metadata.applicationName": "PROD"
          }
        },
        {
          "range": {
            "coralogix.timestamp": {
              "gte": "now-15m",
              "lt": "now"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "severities": {
      "terms": {
        "field": "coralogix.metadata.severity"
      }
    }
  }
}'
```
```bash
# Full-text match on the "text" field, restricted to the last 15 minutes.
curl -H 'token: Logs Query Key' -H "Content-type: application/json" "$ES_API/_search" -d '{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "text": "created"
          }
        },
        {
          "range": {
            "coralogix.timestamp": {
              "gte": "now-15m",
              "lt": "now"
            }
          }
        }
      ]
    }
  }
}'
```
```bash
# Lucene query_string syntax (replace YOUR QUERY) combined with an absolute
# start time interpreted in the given time zone; no upper bound means "until now".
curl -H 'token: Logs Query Key' -H "Content-type: application/json" "$ES_API/_search" -d '{
  "query": {
    "bool": {
      "filter": [
        {
          "query_string": {
            "query": "YOUR QUERY"
          }
        },
        {
          "range": {
            "coralogix.timestamp": {
              "gte": "2019-10-23T14:00:00",
              "time_zone": "+03:00"
            }
          }
        }
      ]
    }
  }
}'
```
The initial scroll API request should contain the following:
```bash
# The scroll query parameter opens a search context that stays alive for the
# given window (5m here, matching the "scroll" value sent in the follow-up
# requests below); "size" is the number of logs returned per page.
curl -H 'token: Logs Query Key' -H "Content-type: application/json" "$ES_API/_search?scroll=5m" -d '{
  "size": 1000,
  "query": {
    "bool": {
      "filter": [
        {
          "query_string": {
            "query": "YOUR QUERY"
          }
        },
        {
          "range": {
            "coralogix.timestamp": {
              "gte": "now-24h",
              "lt": "now"
            }
          }
        }
      ]
    }
  }
}'
```
You will receive the first batch of logs along with a new field at the root of the response named `_scroll_id`.
Send that value as `scroll_id` in each subsequent request to paginate and obtain the next log batch. Repeat the second request until all logs are retrieved.
Second and subsequent scroll API requests should contain the following:
Example #1:
```bash
# Follow-up page: renew the search context for another 5 minutes and fetch the
# next batch using the _scroll_id returned by the previous response.
curl -H 'token: Logs Query Key' -H "Content-type: application/json" "$ES_API/_search/scroll/" -d '{
  "scroll": "5m",
  "scroll_id": "YOUR_SCROLL_ID"
}'
```
Example #2:
```bash
curl --location --request POST 'https://esapi.coralogix.us:9443/_search/scroll/' \
  --header 'token: Logs Query Key' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "scroll": "5m",
    "scroll_id": "YOUR_SCROLL_ID"
  }'
```
The last log page retrieved will show an empty array at the bottom of the response:

```json
"hits": []
```

This indicates that there are no more log pages to retrieve.
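The complete scroll procedure above (initial search, then repeated `/_search/scroll/` requests until an empty `hits` array comes back), together with a request body built the way the query examples earlier on the page build theirs, as an added Python example that is not Coralogix's own code. Assumptions not stated on the page: the search endpoint is the standard Elasticsearch `/_search` path with `?scroll=<window>` on the first request, the host is one of the Elasticsearch API URLs from the cluster table, and the Logs Query Key is read from a `CORALOGIX_LOGS_QUERY_KEY` environment variable (a name chosen here) so it never appears on a command line or in shell history. The `FAKE_PAGES` responses are constructed stand-ins for the API so the script runs offline.

```python
"""Added example: page through Coralogix Elastic API results with scroll."""
import json
import os
import urllib.request
from typing import Callable, Iterator

# A transport takes (url, json body) and returns the parsed JSON response,
# so the real HTTP client and an offline stand-in are interchangeable.
Transport = Callable[[str, dict], dict]


def http_post(url: str, body: dict, token: str) -> dict:
    """Real transport: POST JSON to the Elastic API with the token header."""
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"token": token, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def build_query(application: str, since: str = "now-24h", until: str = "now") -> dict:
    """Bool filter on applicationName plus a coralogix.timestamp range, like the
    bodies on the page. The application name goes into a term clause rather
    than being interpolated into a query_string, so a caller-supplied value
    cannot change the query's syntax."""
    return {
        "bool": {
            "filter": [
                {"term": {"coralogix.metadata.applicationName": application}},
                {"range": {"coralogix.timestamp": {"gte": since, "lt": until}}},
            ]
        }
    }


def _hits(page: dict) -> list:
    """Accept both the flat "hits": [] shown on the page and the nested
    Elasticsearch form "hits": {"hits": [...]}."""
    hits = page.get("hits", [])
    if isinstance(hits, dict):
        hits = hits.get("hits", [])
    return hits


def scroll_all(post: Transport, base_url: str, query: dict,
               page_size: int = 1000, window: str = "5m") -> Iterator[dict]:
    """Yield every hit: one initial search (assumed /_search?scroll=...), then
    /_search/scroll/ requests carrying _scroll_id until a page has no hits."""
    first = post(f"{base_url}/_search?scroll={window}",
                 {"size": page_size, "query": query})
    scroll_id = first.get("_scroll_id")
    hits = _hits(first)
    while hits:
        yield from hits
        if not scroll_id:  # server gave no context to continue from
            break
        page = post(f"{base_url}/_search/scroll/",
                    {"scroll": window, "scroll_id": scroll_id})
        scroll_id = page.get("_scroll_id", scroll_id)
        hits = _hits(page)


def count_logs(post: Transport, base_url: str, application: str) -> int:
    """Number of logs for an application in the last 24 hours."""
    return sum(1 for _ in scroll_all(post, base_url, build_query(application)))


# Constructed responses standing in for the Elastic API when run offline:
# two pages of hits, then the empty "hits": [] that ends pagination.
FAKE_PAGES = [
    {"_scroll_id": "s1", "hits": {"hits": [{"_id": "a"}, {"_id": "b"}]}},
    {"_scroll_id": "s1", "hits": {"hits": [{"_id": "c"}]}},
    {"_scroll_id": "s1", "hits": []},
]


def fake_transport(pages=None) -> Transport:
    """Replays the constructed pages in order, ignoring URL and body."""
    it = iter(FAKE_PAGES if pages is None else pages)
    return lambda url, body: next(it)


if __name__ == "__main__":
    token = os.environ.get("CORALOGIX_LOGS_QUERY_KEY")  # assumed variable name
    base = "https://esapi.coralogix.us:9443"  # pick your cluster's row from the table
    if token:
        post = lambda url, body: http_post(url, body, token)  # noqa: E731
    else:
        post = fake_transport()  # no key set: run against the constructed pages
    print("matching logs:", count_logs(post, base, "PROD"))
```

Run it with `CORALOGIX_LOGS_QUERY_KEY` set to query the real API, or without it to exercise the pagination loop against the constructed pages. Keeping the key out of `-H 'token: ...'` on the command line matters because process listings and shell history expose arguments; the loop also stops if a response omits `_scroll_id`, rather than re-sending a stale one forever.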
The Coralogix Elastic API provides the capabilities of the Elasticsearch API with the following limitations: