Pulling Logs from the Aria Operations for Logs API

I wanted to pull logs from Aria Operations for Logs programatically via the API, so I went looking around for endpoints on the API surface. The first one that caught my attention was GET /events/{+path}.

But whatever I tried for +path it didn't work, I continually got the missing_argument error. I didn't see any additional options on the public API, so I looked internally. The internal API can be found at https://your_logs_ip/rest-api/internal.

The queries endpoint looks promising.

Let's adjust the query to look at the last 24 hours (using Epoch time) and a hostname we know has logs, something like this.

Clicking Execute gives us our results.

Looking at the Response body in more detail shows all of the fields returned, including the main log itself shown in originalText.

Which coincides with the log from the UI, as shown here.

Another example, might be something like this, running your API call and specifying a string you might be looking for.

Comparing that first entry to what we see in the Logs UI itself, they match.

If you're struggling with syntax of the API call to replicate what you're doing in the UI, go here.

Once you have the dropdown click shift, which will give you the PIQL syntax being used in the UI, you can use this to help create your API calls.

Explore the Operations for LOGS API, lots of things we can do here, enjoy!