Jump to Content

Home Guides API Reference Changelog 💬 Discussions

v1.0

API Reference

v1.0Home Guides API Reference Changelog 💬 Discussions

All

Pages

Start typing to search…

LogRhythm Admin Service API

lists
identities
identity lists
- Get Identity From Listget
entities
hosts
networks
users
knowledgebase
notification groups
logsources
agents
licenses
- Get Licensed Entitlements *get
- List licensesget
mperules
beats
openCollectors
locations
- Provides all available locations.get
- Provides location details by location ID.get
mpePolicies
messagesourcedateformats
- List Date Formatsget
- Get Message Source Date Formatget

LogRhythm AIE Drill Down API

/drilldown/{alarmID}
- Get Drill-Down Logs and Summaryget
/drilldown/{alarmID}/summary
- Get Drill-Down Summaryget

LogRhythm AI Engine API

Rules

LogRhythm Alarm API

alarms

LogRhythm Case API

Case Summary
Case Metrics
- Get Case Metricsget
- Update Case Metricsput
Case Evidence
Playbooks
Playbook Procedures
Playbook Attachments
Playbook Import / Export
- Import Playbookpost
- Export Playbookget
Files
Case Tags
- Add Case Tags *put
- Remove Case Tags *put
Case Collaborators
Associated Cases
Case History
- List Case History *get
Case Playbooks
Case Playbook Procedures
Case Playbook Attachments
Global History
- List Global History *get
Logs Indexes
- List Logs Indexes (All Cases)get
Tags
Capabilities
- Get Capabilitiesget
Users
Feature Flags
- Get Feature Flags *get
Maintenance
- Run Log Evidence Maintenance *post

LogRhythm Metrics API

Log Volume
- Get Log Volume Detailspost
TTL
- Get TTL detailsget

LogRhythm Network Monitor API

/applications
- Returns the list of applications classified by Network Monitor.get
/configuration/ntp
- Returns the primary and secondary NTP server configuration.get
- Sets the primary and secondary NTP server configuration.put
/dpaRules/actions/upload
- Uploads a DPA Rule in lrl format.post
/dpaRules/custom
/dpaRules/custom/bulk
- Delete one or more Custom DPA Rules. This operation cannot be undone.del
/dpaRules/custom/{ruleName}
- Delete the Custom DPA Rule with the given rule name. This operation cannot be undone.del
/dpaRules/reload
- Reload DPA Rules.put
/dpaRules/{ruleName}/actions/download
- Download the LRL file associated with this DPA rule.get
/dpaRules/system
- Retrieve metadata for all System DPA Rules.get
- Enable or disable a System DPA Rule.post
/eula/actions/download
- Download the Network Monitor End User License Agreement.get
/indices/metadata
- Returns all metadata indices for Network Monitor.get
/indices/metadata/{index}
- Deletes the metadata index using the provided index. This operation cannot be undone. This route is admin-only.del
/indices/upgrade
- Returns all indices for Network Monitor's upgrade history.get
/licenses
- Returns Network Monitor license information.get
- Uploads and installs an enterprise or Freemium license. Reboot required.post
/login
- Validate Login Credentials.post
/logs/{logName}/actions/download
- Download the specified Network Monitor log.get
/me
- Retrieves details for the current user.get
- Updates details for the current user.put
/me/actions/changePassword
- Change Current User's Passwordpost
/me/actions/resetApiToken
- Resets the current user's API token.post
/network/hostname
- Returns the hostname of the Network Monitor appliance.get
- Sets the hostname of the Network Monitor appliance. Returns the new hostname if successful.put
/pcap/actions/download
- Download multiple PCAPs at one time.post
/pcap/actions/upload
- Uploads a PCAP for replay.post
/queryRules
/queryRules/{queryRuleId}
/search
- Allows direct queries into ElasticSearch.post
/services
- Returns current status of all Network Monitor services.get
/services/actions/restart
- Restart Network Monitor services. This route is admin-only.put
/services/capture
- Returns the current Capture configuration.get
- Configures Capture settings.put
/services/capture/actions/addCapturedApplications
- Appends applications to an existing list of captured applications.put
/services/capture/actions/addExcludedApplications
- Appends applications to an existing list of excluded applications.put
/services/capture/actions/removeCapturedApplications
- Removes applications from an existing list of captured applications.put
/services/capture/actions/removeExcludedApplications
- Removes applications from an existing list of excluded applications.put
/services/filters/application/blacklist
/services/filters/application/blacklist/{application}
- Removes the specified application from the application blacklist. This route is admin-only.del
/services/filters/ip/blacklist
/services/filters/ip/blacklist/{filter}
- Deletes an individual filter from the IP filter blacklist. This route is admin-only.del
/services/filters/ip/mode
- Gets the IP filter mode. This route is admin-only.get
- Updates the IP filter mode. This route is admin-only.put
/services/filters/ip/whitelist
/services/filters/ip/whitelist/{filter}
- Deletes an individual filter from the IP filter whitelist. This route is admin-only.del
/session/{id}
- Get session metadata, such as the application, if it is captured, total bytes, etc.get
/session/{id}/csv
- Get session metadata downloaded into a csv fileget
/session/{id}/files
- Download reconstructed files contained in the session.get
/session/{id}/pcap
- Reconstruct and download the pcap associated with a session ID.get
/session/replayed
- Get replayed session information.get
/system/actions/reboot
- Reboot Network Monitor. This route is admin-only.post
/system/actions/shutdown
- Shutdown Network Monitor. This route is admin-only.post
/system/actions/upgrade
- Upgrades Network Monitor. Reboot required. This route is admin-only.post
/systemInfo
- Network Monitor System Information.get
/system/storage/filesystems
- Returns filesystem configurations for Network Monitor.get
/system/time
- Returns the current system time in milliseconds.get
/users
- Returns a list of all users. This route is admin-only.get
- Update or add multiple users at once. This route is admin-only.put
/users/{username}
/users/{username}/actions/resetPassword
- Reset A User's Password. This route is admin-only.post

LogRhythm Search API

Search API
- Initiate Searchpost
- Search Resultpost

Powered by

Get TTL details

get

http://localhost:8505/lr-metrics-api/ttl

Fetch cluster-wise TTL detail.

Language

Click Try It! to start a request and see the response here!