Host Log Monitoring API - POST analysis job

Starts the log analysis job.

Optionally, you can indicate a start and end time stamp or query to filter log content.

The request produces an application/json payload.

POST	Managed https://{your-domain}/e/{your-environment-id}/api/v1/entity/infrastructure/hosts/{hostId}/logs/{logPath} SaaS https://{your-environment-id}.live.dexp.ae/api/v1/entity/infrastructure/hosts/{hostId}/logs/{logPath}

Authentication

To execute this request, you need the Access logs permission assigned to your API token. See the Authentication page to learn how to obtain and use it.

Parameters

Note All special characters in the log path must be escaped.

Parameter	Type	Description	In	Required
hostId	string	The entity ID of the required host.	path	required
logPath	string	The full pathname of the log.	path	required
query	string	Narrows down the scope of the analysis to the entries, matching the specified criteria. The criteria must use the DESK search query language syntax.	query	optional
startTimestamp	integer	The start timestamp of the analysis range, in UTC milliseconds. If not set, then 2 hours behind from now is used.	query	optional
endTimestamp	integer	The end timestamp of the analysis range, in UTC milliseconds. If not set, then the current timestamp is used.	query	optional
body	ParsingDefinition	Parsing definition to specify other parsing criteria.	body	optional

Request parameters JSON model

The ParsingDefinition object

Element	Type	Description	Required
parsingMode	string	Parsing mode for log analysis entries presentation. Available parsing modes: [json, disabled, all]	optional
customParsingFields	CustomParsingField[]	Custom parsing fields.	optional

The CustomParsingField object

Element	Type	Description	Required
name	string	Custom field name.	optional
valueType	string	Custom field type. Available field types: [string, integer, long, float, boolean]	optional
contentPrefix	string	Content prefix.	optional
contentSuffix	string	Content suffix.	optional

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request. See the Example expandable section for working sample request.

      
  {
  "parsingMode": "json",
  "customParsingFields": [
    {
      "name": "testCustomField",
      "valueType": "string",
      "contentPrefix": "Logon",
      "contentSuffix": ""
    }
  ]
}

Response format

Parameters JSON model

Element	Type	Description
jobId	string	The ID of the started job.

{
  "jobId": "32502e45-ed3d-47b9-b150-23e787ee285e"
}

Response codes

Code	Description
202	Success. The response body contains the ID of the job.
400	Failed. See the response body for details.
404	Not found. See the response body for details.

Example

In this example the request starts a log analysis job for the Windows Application Log from the HOST-EA474F61FFBD5C97 host. The timeframe of analysis lies between time stamps 1537840000000 and 1537880000000.

The API token is passed in the Authorization header.

The response contains the ID of the started analysis job.

Curl

curl -X POST \
  https://mySampleEnv.live.dexp.ae/api/v1/entity/infrastructure/hosts/HOST-FE05D86A03025CAA/logs/Windows%20Application%20Log?startTimestamp=1537840000000&endTimestamp=1537880000000 \
  -H 'Authorization: Api-Token abcdefjhij1234567890' \

Request URL

https://mySampleEnv.live.dexp.ae/api/v1/entity/infrastructure/hosts/HOST-FE05D86A03025CAA/logs/Windows%20Application%20Log?startTimestamp=1537840000000&endTimestamp=1537880000000

Response content

{
  "jobId": "32502e45-ed3d-47b9-b150-23e787ee285e"
}

Response code

202