POST Events Ingest Agent Id

POST Events Ingest Agent Id

Ingest and index new log messages contained in the body.

Can contain a maximum of 4MB of JSON in a single submission with 16KB in a single text field. Batch-submission of multiple adjacent events is more efficient than a seperate POST for each.

Each event can contain a list of key-value fields. Values are expressed as strings or as character ranges in the event text.

The timestamp of an event is optional, and expressed as milliseconds-since-epoch UTC. If the submission is authenticated, the timestamp field is trusted. Unauthenticated event submissions have their time clamped to within 10 minutes of the server's current time. #% config.api-server.max-tolerated-client-time-drift=600000

Request
URI
POST
https://{api_host}/api/v2/events/ingest/{agentId}
COPY
Path Parameters
string
agentId
Required

A unique identifier for the event source. Specify a BIOS UUID, a stored UUID4 or other stable identifier. If no suitible identifier exists, can be safely set to 0.


Request Body

Show optional properties

{
    "events": [
        {}
    ]
}
{
    "events": [
        {
            "fields": [
                {
                    "name": "StaticField",
                    "content": "Security"
                },
                {
                    "name": "PositionalField",
                    "startPosition": 6,
                    "length": 7
                }
            ],
            "text": "A new process has been created.",
            "timestamp": 1396622879241
        }
    ]
}
array of object
events
Required

events

Authentication
This operation uses the following authentication methods.
Responses
200

Successfully ingested new log events.

{
    "ingested": 1,
    "message": "events ingested",
    "status": "ok"
}
integer
ingested
Required

ingested

string
message
Required

message

string
status
Required

status


400

The body contained a zero-length list of events.

{
    "errorMessage": "Missing events"
}

401

The request was refused because it included invalid authentication credentials. The Authorization header was present, but it contained an invalid session ID.

Obtain a new session ID and retry the request, or make an unauthenticated request without the Authorization header.

"Invalid session ID"

440
Operation doesn't return any data structure

503
Operation doesn't return any data structure

Code Samples
COPY
                    curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"events":["object"]}' https://{api_host}/api/v2/events/ingest/{agentId}