API > Logs Endpoint
Overview
While the built-in logs viewer displays recent log entries, for compliance work or more advanced analysis it can be helpful to have access to the raw blocked-request logs.
Important Notes
- Only blocked requests are available through the API
- Request data is not loaded into this log analysis system in real time. There is a variable delay based upon overall network traffic load.
GET /api/logs/query
Used to create an initial request of the logs endpoint. The JSON response will contain a _scroll_id value which can then be used to page through the remaining results.
Required Parameters
- api_key - your API Key
- start_date - YYYY-MM-DD format
- end_date - YYYY-MM-DD format
Request Format
GET /api/logs/query?apikey=example-api-key&start_date=2024-08-24&end_date=2024-08-25
Response - HTTP 200 - application/json
The endpoint will return a JSON response that contains the first 10,000 log entries.
Notable data elements in the response:
- _scroll_id - this value represents where the data set "left off" if it extends beyond 10,000 rows. To page through all of the logs within the date range, take this value and pass it to the /api/logs/scroll endpoint documented below.
- hits['total']['value'] - the number of log entries within the query range. If it is less than 10,000, the response contains all of the log entries within that range. If it is greater than 10,000, you will need to use the /api/logs/scroll endpoint to page through the remaining log entries.
- hits['hits'] - an array of log entries
Example Response
For space constraints the following response is truncated and additional, non-critical fields have been removed for clarity.
{
  "_scroll_id": "<omitted>",
  "hits": {
    "total": { "value": 5844 },
    "hits": [
      {
        "_index": "high019c:13778_newlogs_20240830-01",
        "_id": "CQm7pZEB2C_RQIsVPj88",
        "_score": null,
        "_source": {
          "referrer": "https://tapinto-legacy.tapinto.net/",
          "path": "/embedded-subject-line-tester-v1.js",
          "method": "GET",
          "size": "2404",
          "ip": "108.53.1.109",
          "block_code": "CUST",
          "ip_geoip": {
            "country_name_enriched": "US",
            "city_name": "Belmar",
            "location_geopoint": { "lon": -74.0717, "lat": 40.1712 },
            "country_name": "United States"
          },
          "user_agent": "Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
        }
      }
    ]
  }
}
....additional entries removed.
GET /api/logs/scroll
Used to page through additional sets of 10,000 log records within the queried parameters. You must call /api/logs/query first, retrieve the _scroll_id value from the JSON response, and then use that value to call this endpoint.
Required Parameters
- api_key - your API Key
- scroll_id - the _scroll_id value from the previous JSON response. Note: the parameter name is scroll_id (no leading underscore), while the field in the JSON response is _scroll_id (leading underscore).
Request Format
GET /api/logs/scroll?apikey=example-api-key&scroll_id=example-scroll-id
Response - HTTP 200 - application/json
The response to this endpoint is identical to the response from /api/logs/query - if no records are returned in hits['hits'] then you've reached the end of the paging.
Note: a new _scroll_id value is returned in each response, so it's necessary to work through the responses serially.
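The full query-then-scroll procedure described for both endpoints above, as an added example client (not the vendor's own code). It follows the documented termination rule (stop when hits['hits'] is empty) and skips the scroll calls when the first page already holds fewer than 10,000 entries. Assumptions: BASE_URL is a placeholder because this page names no host; the query-string key is spelled apikey as in the Request Format lines (the parameter lists spell it api_key); the sample pages, IPs and scroll ids are constructed so the code runs offline; block codes other than CUST are not listed on this page.

```python
"""Page through blocked-request logs: GET /api/logs/query, then GET /api/logs/scroll
until a page comes back with no hits. Added example, not the vendor's client."""
import json
import urllib.parse
import urllib.request
from collections import Counter
from typing import Any, Callable, Dict, Iterator, List

BASE_URL = "https://example.invalid"   # ASSUMPTION: placeholder, the page gives no host
PAGE_SIZE = 10_000                      # each response holds at most 10,000 entries (per the docs)

Fetch = Callable[[str], Dict[str, Any]]


def build_query_url(api_key: str, start_date: str, end_date: str, base: str = BASE_URL) -> str:
    """Initial request. Dates are YYYY-MM-DD; key spelled `apikey` as in the documented request line."""
    params = {"apikey": api_key, "start_date": start_date, "end_date": end_date}
    return f"{base}/api/logs/query?{urllib.parse.urlencode(params)}"


def build_scroll_url(api_key: str, scroll_id: str, base: str = BASE_URL) -> str:
    """Follow-up request. Parameter is `scroll_id`; the JSON field it comes from is `_scroll_id`."""
    params = {"apikey": api_key, "scroll_id": scroll_id}
    return f"{base}/api/logs/scroll?{urllib.parse.urlencode(params)}"


def http_get_json(url: str, timeout: float = 30.0) -> Dict[str, Any]:
    """Real transport: GET the URL and decode the JSON body."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def iter_blocked_requests(api_key: str, start_date: str, end_date: str,
                          fetch: Fetch = http_get_json) -> Iterator[Dict[str, Any]]:
    """Yield the `_source` of every entry in the date range, following _scroll_id serially."""
    page = fetch(build_query_url(api_key, start_date, end_date))
    total = page["hits"]["total"]["value"]
    while True:
        hits = page["hits"]["hits"]
        if not hits:
            return                       # empty hits array: end of paging (documented rule)
        for hit in hits:
            yield hit["_source"]
        if total < PAGE_SIZE:
            return                       # first page already contained the whole result set
        # Every response carries a fresh _scroll_id; always pass the latest one.
        page = fetch(build_scroll_url(api_key, page["_scroll_id"]))


def summarize(entries) -> Dict[str, Counter]:
    """Defender-side roll-up: blocked requests per block_code, source IP and country."""
    by_code, by_ip, by_country = Counter(), Counter(), Counter()
    for e in entries:
        by_code[e.get("block_code", "?")] += 1
        by_ip[e.get("ip", "?")] += 1
        by_country[e.get("ip_geoip", {}).get("country_name", "?")] += 1
    return {"block_code": by_code, "ip": by_ip, "country": by_country}


def make_fake_fetch(pages: List[Dict[str, Any]]) -> Fetch:
    """Constructed offline stand-in for http_get_json: serves pages in order, records URLs."""
    calls: List[str] = []

    def fetch(url: str) -> Dict[str, Any]:
        calls.append(url)
        return pages[len(calls) - 1]

    fetch.calls = calls  # type: ignore[attr-defined]
    return fetch


def _entry(ip: str, path: str, country: str) -> Dict[str, Any]:
    # Constructed entry shaped like the page's example; only block_code CUST appears on the page.
    return {"_source": {"ip": ip, "path": path, "method": "GET", "block_code": "CUST",
                        "ip_geoip": {"country_name": country}}}


# Constructed three-page session: total is set above PAGE_SIZE so the scroll path is exercised.
SAMPLE_PAGES = [
    {"_scroll_id": "scroll-1", "hits": {"total": {"value": PAGE_SIZE + 1}, "hits": [
        _entry("192.0.2.10", "/embedded-subject-line-tester-v1.js", "United States"),
        _entry("192.0.2.11", "/embedded-subject-line-tester-v1.js", "United States")]}},
    {"_scroll_id": "scroll-2", "hits": {"total": {"value": PAGE_SIZE + 1}, "hits": [
        _entry("198.51.100.7", "/index.html", "Germany")]}},
    {"_scroll_id": "scroll-3", "hits": {"total": {"value": PAGE_SIZE + 1}, "hits": []}},
]

if __name__ == "__main__":
    # Offline demo; swap `fetch=make_fake_fetch(...)` for the default http_get_json to go live.
    fake = make_fake_fetch(SAMPLE_PAGES)
    rows = list(iter_blocked_requests("example-api-key", "2024-08-24", "2024-08-25", fetch=fake))
    print(f"{len(rows)} entries over {len(fake.calls)} requests")
    print(summarize(rows))
```

The generator keeps only one page in memory at a time, which matters at 10,000 entries per page; summarize() is the kind of roll-up a defender would feed into a dashboard or alerting rule rather than reading raw hits.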
API Help
We're happy to help you build whatever functionality you need with the API.
Please don't hesitate to :
- Contact us at support@expeditedsecurity.com
- Book a Call at https://app.harmonizely.com/expedited/30-min
We are a team of developers and sysadmins who can help troubleshoot and debug whatever API interactions you need to create.