Initiate Search

post

https://localhost:8505/lr-search-api/actions/search-task

Body Params

LogRhythm users can search logs/events using this endpoint. This endpoint initates Search and returns TaskId and TaskStatus. The Task details returned from this endpoint will be used as an input for second endpoint (/actions/search-result).

maxMsgsToQuery

integer

Defaults to 10000

Specifies how many results to be indexed

queryTimeout

integer

Defaults to 60

Time interval for the search to time-out

searchMode

string

enum

Enumeration specifying paged\grouped results by Date\Risk fields order by ascending or descending.

Allowed:

dateCriteria

object

By default it will search for last 24 hrs data

queryLogSources

array of integers

Defaults to

Array of integers accepting Message Source Id's which is not mandatory user can pass blank array as well.

queryLogSources

logSourceIds

array of integers

Array of integers accepting log Source Id's

logSourceIds

queryFilter

object

queryEventManager

boolean

Defaults to false

if true then search events else search logs

Responses

Language

Credentials

Header

Response

Click Try It! to start a request and see the response here! Or choose an example:

*/*

200Return task result.

400Bad Request

401Unauthorized

404Resource not found

500Internal Server Error