Get-your-work-done-even-faster-with-the-Logentries-REST-API

Now you can get your work done even faster by automating tasks with the Logentries REST API. With the ability to programmatically query data, manage users, create alerts and integrate third party tools, it’s now easier to finish the job and get on with your day.

Table of contents

On-demand Webinar

Interested in learning more about the Logentries REST API? View our previously recorded webinar that explored how the Logentries APIs can help solve common challenges.

Webinar Details
Recorded: Wednesday, September 7, 2016 @ 11:00 AM EDT
Click here to view the webinar!

Query API

The REST Query API provides a powerful way for your users and systems to programmatically query log data without accessing the Logentries user interface.

Any LEQL query you would normally enter into the Logentries query bar can be submitted to the API. Your request will return calculated results or lists of log events as a JSON object.

With the Logentries REST Query API you can:

  • Query and analyze your data programmatically
  • Quickly retrieve JSON objects that represent the results of LEQL functions or search query results
  • Easily integrate Logentries data with internal or third party applications

Example Usage

Below is an example python script that uses the Query API GET request.

I filled in the log key for my Apache server Access Log (combined format), added an API key, specified start and end times, and set leqlQuery to 'where(http.status=200)'.

My returned results were:

{'logs': ['*logkeyremoved*'], 'leql': {'during': {'to': 1471979100000, 'from': 1469466000000}, 'statement': 'where(http.status=200)'}, 'events'
[
{'timestamp': 1469754542499, 'message': '45.79.152.221 - - [29/Jul/2016:01:09:11 +0000] "GET / HTTP/1.0" 200 11892 "-" "-"'}, 
{'timestamp': 1469789339630, 'message': '94.102.49.26 - - [29/Jul/2016:10:49:08 +0000] "GET / HTTP/1.1" 200 11892 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"'}, 
{'timestamp': 1469916895582, 'message': '169.54.244.82 - - [30/Jul/2016:22:15:04 +0000] "GET / HTTP/1.1" 200 11873 "-" "-"'}, 
{'timestamp': 1469958008458, 'message': '208.73.20.92 - - [31/Jul/2016:09:40:17 +0000] "GET / HTTP/1.1" 200 11873 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"'}, 
...
]}

You can easily integrate the Logentries Query API with common 3rd party tools such as Hosted Graphite, Geckoboard, Kafka and other services by using the the open source tool LeExportPy. See the LeExportPy section below for more details.

For other example use cases check out our blog post Using JavaScript to interact with the REST Query API.

Team and User Management API

The Logentries Team and User Management API allows you to easily add, remove and modify account users, create teams, and restrict access.

Example Usage

The python script below uses the Logentries Team and User management API to retrieve a list of all teams in the specified account:

This returns a list of all the teams for the specified account as a JSON object. See below:

{
    "teams": [
        {
            "users": [
                {
                    "id": "********-****-****-****-************", 
                    "links": {
                        "href": "https://rest.logentries.com/management/accounts/********-****-****-****-************/users/d********-****-****-****-************", 
                        "ref": "Self"
                    }
                }
            ], 
            "id": "********-****-****-****-************", 
            "name": "Read Only Team"
        }
    ]
}

Tags and Alerts API

The tags and alerts API makes it easy to quickly create tags and set alerts to call your attention to important events.

Example Usage

In the python script below a GET request calls the Logentries Tags and Alerts API to get a list of all tags/alerts in the account associated with the specified API key.

Simply drop in (at least) the read only API key from your account. An example of the information returned is below:

{
    "tags": [
        {
            "name": "Change of a user", 
            "patterns": [
                "session closed"
            ], 
            "labels": [
                {
                    "color": "f061fb", 
                    "reserved": false, 
                    "id": "********-****-****-****-************", 
                    "name": "User Changed", 
                    "sn": 1050
                }
            ], 
            "actions": [
                {
                    "min_matches_period": "Day", 
                    "min_report_period": "Day", 
                    "min_matches_count": 1, 
                    "enabled": false, 
                    "min_report_count": 1, 
                    "targets": [
                        {
                            "alert_content_set": {}, 
                            "params_set": {
                                "users": "demo@email.com", 
                                "direct": "demo@email.com", 
                                "teams": ""
                            }, 
                            "type": "Mailto", 
                            "id": null
                        }
                    ], 
                    "type": "Alert", 
                    "id": "********-****-****-****-************"
                }
            ], 
            "sources": [
                {
                    "retention_period": "default", 
                    "stored_days": [], 
                    "id": "********-****-****-****-************", 
                    "name": "messages"
                }, 
            ], 
            "type": "Alert", 
            "id": "********-****-****-****-************"
        }, 
        {
            "name": "Authentication Failure", 
            "patterns": [
                "authentication failure"
            ], 
            "labels": [
                {
                    "color": "fb0000", 
                    "reserved": false, 
                    "id": "********-****-****-****-************", 
                    "name": "Auth Failure", 
                    "sn": 1046
                }
            ], 
            "actions": [
                {
                    "min_matches_period": "Day", 
                    "min_report_period": "Day", 
                    "min_matches_count": 5, 
                    "enabled": false, 
                    "min_report_count": 5, 
                    "targets": [
                        {
                            "alert_content_set": {}, 
                            "params_set": {
                                "users": "demo@email.com", 
                                "direct": "demo@email.com", 
                                "teams": ""
                            }, 
                            "type": "Mailto", 
                            "id": null
                        }
                    ], 
                    "type": "Alert", 
                    "id": "********-****-****-****-************"
                }
            ], 
            "sources": [
                {
                    "retention_period": "default", 
                    "stored_days": [], 
                    "id": "********-****-****-****-************", 
                    "name": "messages"
                }, 
            ], , 
            "type": "Alert", 
            "id": "********-****-****-****-************"
        }
    ]
}

LeExportPy

The open source tool LeExportPy provides a fully functional framework for capturing log data from the Logentries Query API and exporting that data to other services. Currently, integrations are available for Hosted Graphite, Geckoboard, and Kafka. Adding new integration is easy; the documentation to create a new service can be found on GitHub.

LeCLI

The open source Logentries CLI allows you to seamlessly view recent events, run queries and manage your account from the command line. The CLI leverages the Logentries REST APIs calls mentioned in this post, calls in our documentation, and will leverage future calls as API functionality is added.

Benefits of the Logentries CLI

  • Cross platform and supports all major operating systems.
  • Quickly retrieve log data and manipulate your Logentries account without using the graphical user interface.
  • Easily build scripts to take advantage of the Logentries REST APIs.
  • Painlessly integrate your Logentries data with internal or third party applications.