Handling API Calls and Responses

TLDR: Alejandro needed help constructing API search queries and then ran into the per-request hit limit. Prabhat suggested copying the request as curl from the UI's dev console and, to get all hits, setting `size` to a very large number.

Alejandro
Sun, 24 Sep 2023 14:55:47 UTC

Hi everyone. A question about getting events using the API. I'm running this query with curl:

```sh
root@ubuntu:~# curl -X 'POST' '' -H 'accept: application/json' -H 'Authorization: Basic REDACTED' -H 'Content-Type: application/json' \
  -d '{
    "aggs": { "histogram": "select histogram(_timestamp, '\''30 second'\'') AS zo_sql_key, count(*) AS zo_sql_num from query GROUP BY zo_sql_key ORDER BY zo_sql_key" },
    "query": { "end_time": 1695541369000, "from": 0, "size": 10, "sql": "SELECT * FROM dns", "start_time": 1695537769000 }
  }'
```

The response has no hits:

```json
{"took":10,"took_detail":{"total":15,"wait_queue":0,"cluster_total":14,"cluster_wait_queue":4},"hits":[],"total":0,"from":0,"size":10,"scan_size":0}
```

I know for sure that I have logs for that period of time, so maybe I'm misunderstanding how to construct the API call to get the events, even after reviewing the example in Swagger. Can anybody tell me what my error is? Thanks in advance for your help!

Prabhat
Sun, 24 Sep 2023 15:02:17 UTC

Generally the easiest way to do this is to fire the query in the UI, then copy it as curl and modify it. You can open the dev console in either Chrome or Firefox.

Alejandro
Sun, 24 Sep 2023 15:26:48 UTC

Perfect, it worked, thanks Prabhat.

Alejandro
Tue, 26 Sep 2023 13:24:17 UTC

Hi again Prabhat. A new question about API calls: is there a way to get the complete response, all the hits, when I make an API call? This is working:

```sh
curl '' \
  -H 'accept: application/json' \
  -H 'authorization: Basic redacted' \
  -H 'content-type: application/json' \
  --data-raw $'{"query":{"sql":"select * from \\"windows\\" ","start_time":1695643842186000,"end_time":1695730242186000,"from":0,"size":150}}' \
  --compressed
```

But I'm only getting the first 150 hits, and if I remove "from" and "size", I get only 10 hits. I'm trying to build some dashboards in Grafana with information about logins from the last couple of hours, using the Infinity datasource, and with only 150 hits the information is not accurate. I know that I could maybe use a huge number for "size", but I guess that's not the idea. Thanks in advance for your help!

Prabhat
Tue, 26 Sep 2023 13:33:10 UTC

The only way to get the complete response is to give `size` a very large number.
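As an added example (not code from this thread or from OpenObserve), here is a small Python client that builds the same request body the working curl call above sends, reads the Basic credentials from environment variables rather than pasting them on the command line where shell history keeps them, and collects every hit by advancing `from` one page at a time instead of asking for one enormous `size`. It assumes, which the thread does not confirm, that `from` is a zero-based offset into the result set, that `total` in the response is the full match count, and that `start_time`/`end_time` are microseconds since the Unix epoch, which is what the 16-digit values in the working request look like (the first request on the page, which returned no hits, used 13-digit values). The environment variable names, the `MICROS_FLOOR` guard and the in-memory stand-in server are constructed for the demo.

```python
"""Collect every hit from an OpenObserve-style search endpoint by paging.

Added example, not code from the thread or from OpenObserve. Assumed, not
confirmed by the page: ``from`` is a zero-based offset, ``total`` is the full
match count, and ``start_time``/``end_time`` are Unix microseconds.
"""
import base64
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Any, Callable, Dict, List

Json = Dict[str, Any]
Poster = Callable[[Json], Json]

# 10**15 us is September 2001; a 13-digit millisecond value (the first request
# on the page used 1695541369000) falls far below it. Assumption: the log
# windows being queried are later than that.
MICROS_FLOOR = 10**15


def to_micros(dt: datetime) -> int:
    """Unix microseconds for a timezone-aware datetime."""
    return int(dt.timestamp() * 1_000_000)


def build_request(sql: str, start_us: int, end_us: int, offset: int, size: int) -> Json:
    """Body in the shape of the thread's working curl call, with a unit check so
    a millisecond window fails loudly instead of returning an empty ``hits``."""
    if start_us < MICROS_FLOOR or end_us < MICROS_FLOOR:
        raise ValueError("start_time/end_time look like ms; the API body needs microseconds")
    if start_us >= end_us:
        raise ValueError("start_time must precede end_time")
    return {"query": {"sql": sql, "start_time": start_us, "end_time": end_us,
                      "from": offset, "size": size}}


def basic_auth_header() -> Dict[str, str]:
    """Authorization header from env vars (hypothetical names ZO_USER/ZO_PASSWORD),
    keeping the credentials out of the command line and shell history."""
    user, password = os.environ["ZO_USER"], os.environ["ZO_PASSWORD"]
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def http_poster(url: str, headers: Dict[str, str]) -> Poster:
    """Real transport: POST a JSON body to ``url`` and decode the JSON reply."""
    def post(body: Json) -> Json:
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={**headers, "Content-Type": "application/json", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read())
    return post


def fetch_all_hits(post: Poster, sql: str, start_us: int, end_us: int,
                   page_size: int = 500, max_hits: int = 100_000) -> List[Json]:
    """Advance ``from`` by the number of hits received until ``total`` is reached.
    ``max_hits`` caps memory and request count; hits past it are dropped."""
    hits: List[Json] = []
    offset = 0
    while offset < max_hits:
        body = build_request(sql, start_us, end_us, offset, min(page_size, max_hits - offset))
        resp = post(body)
        page = resp.get("hits") or []
        if not page:  # nothing more from the server (or total was 0)
            break
        hits.extend(page)
        offset += len(page)
        if offset >= int(resp.get("total", 0)):
            break
    return hits


def make_fake_server(rows: List[Json]) -> Poster:
    """Constructed in-memory stand-in for the endpoint so the demo runs offline:
    filters by time window, slices with from/size, and echoes the response keys
    seen in the thread (took, hits, total, from, size, scan_size)."""
    def post(body: Json) -> Json:
        q = body["query"]
        window = [r for r in rows if q["start_time"] <= r["_timestamp"] < q["end_time"]]
        page = window[q["from"]:q["from"] + q["size"]]
        return {"took": 1, "hits": page, "total": len(window),
                "from": q["from"], "size": q["size"], "scan_size": len(window)}
    return post


def demo_hit_count(n_rows: int = 1234, page_size: int = 150, max_hits: int = 100_000) -> int:
    """Constructed data: ``n_rows`` logon events one second apart, queried over
    the full window with pages of ``page_size``; returns how many hits came back."""
    t0 = datetime(2023, 9, 26, 12, 0, tzinfo=timezone.utc)
    rows = [{"_timestamp": to_micros(t0 + timedelta(seconds=i)), "event_id": 4624}
            for i in range(n_rows)]
    start, end = to_micros(t0), to_micros(t0 + timedelta(seconds=n_rows))
    hits = fetch_all_hits(make_fake_server(rows), 'select * from "windows"', start, end,
                          page_size=page_size, max_hits=max_hits)
    return len(hits)


if __name__ == "__main__":
    print(demo_hit_count())  # 1234 with page_size=150, not just the first 150
```

Against a real instance, replace the fake poster with `http_poster(url, basic_auth_header())`. Give the SQL a deterministic `ORDER BY` (for example on `_timestamp`) so consecutive pages neither overlap nor skip rows, and keep `end_time` fixed at the moment the first page was requested so events that arrive mid-walk do not shift the offsets. `max_hits` is there on purpose: a `total` in the millions should make the caller narrow the window or aggregate server-side, not pull everything into memory.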

Alejandro
Tue, 26 Sep 2023 13:33:42 UTC

OK, thanks Prabhat.

Prabhat
Tue, 26 Sep 2023 13:43:56 UTC

What kind of dashboard are you trying to build that you are not able to build directly in OpenObserve?

Alejandro
Tue, 26 Sep 2023 13:53:35 UTC

One with filtering. Remember that I opened a GitHub issue for that: Anyway, I like to use Grafana in many cases because I can show events from many sources. The UI of OpenObserve is amazing (it is really simple, you can use it without reading the docs, and that shows how easy and well made it is), but it doesn't cover all use cases (for now, I guess), like incident response with automation, a ticketing system, and things like that.