POST Events Ingest Agent Id
Ingest and index new log messages contained in the body.
Can contain a maximum of 4MB of JSON in a single submission with
16KB in a single text
field.
Batch-submission of multiple adjacent events is more
efficient than a seperate POST
for each.
Each event can contain a list of key-value fields
.
Values are expressed as strings or as character ranges in the event text
.
The timestamp
of an event is optional, and expressed as
milliseconds-since-epoch UTC.
If the submission is authenticated, the timestamp
field is trusted.
Unauthenticated event submissions have their time clamped to
within 10 minutes of the server's current time.
#% config.api-server.max-tolerated-client-time-drift=600000
A unique identifier for the event source.
Specify a BIOS UUID, a stored UUID4 or other stable identifier.
If no suitible identifier exists, can be safely set to 0
.
Show optional properties
{
"events": [
{}
]
}
{
"events": [
{
"fields": [
{
"name": "StaticField",
"content": "Security"
},
{
"name": "PositionalField",
"startPosition": 6,
"length": 7
}
],
"text": "A new process has been created.",
"timestamp": 1396622879241
}
]
}
events
Successfully ingested new log events.
{
"ingested": 1,
"message": "events ingested",
"status": "ok"
}
ingested
message
status
The body contained a zero-length list of events.
{
"errorMessage": "Missing events"
}
The request was refused because it included invalid authentication
credentials. The Authorization
header was present, but it contained
an invalid session ID.
Obtain a new session ID and retry the request,
or make an unauthenticated request without the Authorization
header.
"Invalid session ID"
curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"events":["object"]}' https://{api_host}/api/v2/events/ingest/{agentId}