POST Events Ingest Agent Id
Ingest and index new log messages contained in the body.
Can contain a maximum of 4MB of JSON in a single submission with
16KB in a single text field.
Batch-submission of multiple adjacent events is more
efficient than a seperate POST for each.
Each event can contain a list of key-value fields.
Values are expressed as strings or as character ranges in the event text.
The timestamp of an event is optional, and expressed as
milliseconds-since-epoch UTC.
If the submission is authenticated, the timestamp field is trusted.
Unauthenticated event submissions have their time clamped to
within 10 minutes of the server's current time.
#% config.api-server.max-tolerated-client-time-drift=600000
A unique identifier for the event source.
Specify a BIOS UUID, a stored UUID4 or other stable identifier.
If no suitible identifier exists, can be safely set to 0.
{
"events": [
{
"fields": [
{
"name": "StaticField",
"content": "Security"
},
{
"name": "PositionalField",
"startPosition": 6,
"length": 7
}
],
"text": "A new process has been created.",
"timestamp": 1396622879241
}
]
}Successfully ingested new log events.
{
"ingested": 1,
"message": "events ingested",
"status": "ok"
}The body contained a zero-length list of events.
{
"errorMessage": "Missing events"
}The request was refused because it included invalid authentication
credentials. The Authorization header was present, but it contained
an invalid session ID.
Obtain a new session ID and retry the request,
or make an unauthenticated request without the Authorization header.
"Invalid session ID"The request was refused because the session ID has
expired. Obtain a new session ID from /api/v1/sessions,
or make an unauthenticated request without the Authorization header.
"Login Timeout"The server is overloaded and unable to handle this ingestion request.
The Retry-After header contains a suggested retry time in seconds.
curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '[{}]' https://{api_host}/api/v1/events/ingest/{agentId}