This article lists and describes the parameters you can use in Devo Query API query requests as well as the different response formats:
...
Add the following path to your endpoint to launch a query:
Status subtle true colour Yellow title POST
/query
Status | ||||||
---|---|---|---|---|---|---|
|
Parameters
Parameter | Type | Description |
---|---|---|
Content-Type *required | String (header) | This is always application/json |
Authorization | String (header) | Include this header if you want to use a token to authorize your request. When you use a token, only the See Authorizing Query API requests for more information. |
x-logtrust-apikey | String (header) | This is the Devo domain API key found in Administration → Credentials. |
x-logtrust-sign | String (header) | HMAC SHA-256 using the API_SECRET to sign the concatenation of the api_key, body message and timestamp |
x-logtrust-timestamp | String (header) | Timestamp in milliseconds. |
query | String (body) | This is the query that you want to run expressed in LINQ script. To find the query's LINQ script, open the query in the Data Search area, then choose Toggle Query Editor from the toolbar. The body of the request must contain either the |
queryId | String (body) | This is the ID of the query that you want to run. To find the query ID, open the query in the Data Search area, then choose Additional Tools → Query Info → Get ID. The body of the request must contain either the |
from *required | Number (body) | The start date as a UTC timestamp in seconds. See the Relative dates section below to learn more about this parameter. |
to | Number (body) | The end date as a UTC timestamp in seconds. If this parameter is left out, the query will be continuous. See the Relative dates section below to learn more about this parameter. |
mode | Object (body) | This object contains the mode.type parameter to specify the format of the response. If left out of the request body, the default response type JSON will be used. |
mode.type | String (body) | The format in which you want the response to be sent. The possible values are:
These response formats are fully described later in this article. When you indicate a response format other than |
destination | Object (body) | This object specifies where the response should be sent. If this object is left out of the request body, the response will be sent back to the request source. |
destination.type | String (body) | This is the type of system to which the response should be sent. The possible values are:
Depending on the |
destination.params | List (body) | Destination parameters, the depend on the destination.type . Check the HDFS, Kafka, S3, email and SNMP articles to see the parameters required for each destination. |
dateFormat | String (body) | This is only required when you specify a
|
timeZone | String (body) | Change the timezone of the query, only for mode types different from JSON. This parameter supports any positive or negative GMT timezones, like |
skip/offset | Number (body) | You can use either the |
limit | Number (body) | Limit the results of the query. The query will stop after returning the first X elements of the query or reaching its end. |
ipAsString | Boolean (body) | Set this parameter to true (ipAsString = true) if you want to get IP addresses as dotted strings (for example, 94.2.23.1 ). If you don't add this parameter in your request or set it to false, IP addresses will be returned as numbers (for example, 1577195265 ). |
progressInfo | Boolean (body) | Set this parameter to true if you want to get progress info about the requested query. You will get an entry p with the timestamp of the event that is being processed at that moment. Progress info will be sent at most once every 5s. This is only available if you set |
...
Operator | Description |
---|---|
h | Enter a number followed by
|
ah | Enter a number followed by
|
Anchor Query response formats Query response formats
Query response formats
Query response formats | |
Query response formats |
Responses to your queries can be either returned to the source of the request or forwarded to an HDFS, S3, or Kafka type system.
...
Field name | Description |
---|---|
name | Name of the field. |
type | The data type of the value returned. This will be one of:
|
- The object
d
includes lightweight event info.
Example
Here is an example of a response in JSON/compact format that occurred without error:
...