DX Operational Intelligence
Query APIs

Data Retrieval API
This API queries and retrieves data (logs, metrics, events, alarms, and inventory) from DX Operational Intelligence.
URI Pattern
https://<ao_analytics_hostname>/mdo/v2/aoanalytics/<data type category>/<data type name>/_search?
Where <ao_analytics_hostname> is the FQDN route name of the OpenShift environment.
HTTP Method
GET
Data Type Category
Valid values: logs, metrics, events, alarms, and inventory
Data Type Name
Specific data type name within the category. For example, apache_access (logs), metrics_uim (metrics), events_spectrum (events).
The Data Type Category and Data Type Name are optional. If specific values are not provided in the URI, the API fetches results from all categories or all types. See the Data Type Mapping API to retrieve the valid values of the available Data Types.
For example, the URI pattern ..../aoanalytics/events/_search searches data across all types of events available in DX Operational Intelligence. However, the URI pattern ..../aoanalytics/events/events_spectrum/_search restricts the search to only events_spectrum type events.
Request Parameters
| Parameter | Description | Default Value | Example |
|---|---|---|---|
| q | Phrase or query to search the data (using the Apache Lucene query syntax) | None | Enter “Exception” in the logs category to find all logs that contain the word Exception. Enter (request:*servicedesk* AND response_code:[500 TO 599]) to find all requests with server error codes. |
| timefrom | Start time of search in ISO8601 format. | None | 2016-09-03T07:16:23Z |
| timeto | End time of search in ISO8601 format. | None | 2016-09-03T07:16:23Z |
| from | Index of the first hit to return. | 0 | |
| size | The number of hits to return. | 10 | |
Example
Display the apache_access logs for all requests with server error codes (starting from document 2, maximum 200 documents):
https://<doi>/mdo/v2/aoanalytics/logs/apache_access/_search?q=(request:*servicedesk* AND response_code:[500 TO 599])&from=2&size=200
Response format:
{
  "took" : 17,
  "timed_out" : false,
  "_shards" : { "total" : 1, "successful" : 1, "failed" : 0 },
  "hits" : {
    "total" : <total_matching_docs>,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : <index_name>,
        "_type" : <index_type>,
        "_id" : <document_id>,
        "_score" : 1.0,
        "_source" : { field1 : value1, field2 : value2 }
      },
      {
        "_index" : <index_name>,
        "_type" : <index_type>,
        "_id" : <document_id>,
        "_score" : 1.0,
        "_source" : { field1 : value1, field2 : value2 }
      }
    ]
  }
}
Response example:
{
  "took" : 17,
  "timed_out" : false,
  "_shards" : { "total" : 1, "successful" : 1, "failed" : 0 },
  "hits" : {
    "total" : 3876,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "ao_itoa_logs_syslog_1",
        "_type" : "data",
        "_id" : "9f24f529-bf8b-4662-85a2-5ad0ad4ec040",
        "_score" : 1.0,
        "_source" : {
          "tenant_id" : "2EC0665A-AD37-462E-A3FC-40B61D7C9D9C",
          "@product_id" : "AXA_1_0",
          "syslog_severity_code" : "5",
          "syslog_pid" : "-",
          "syslog_facility" : "local3",
          "syslog_facility_code" : "19",
          "syslog_program" : "4627513",
          "syslog_message" : " Mar 17 12:43:02.866 EST: %BGP_SESSION-5-ADJCHANGE:neighbor 138.42.96.3 VPNv4 Unicast topology base removed from session",
          "@doc_type_version" : "1.0",
          "syslog_severity" : "notice",
          "logtype" : "syslog",
          "@timestamp" : 1489768988128,
          "syslog_timestamp" : "2017-03-17T22:13:03.082176+05:30",
          "host" : "cis720496-6.ca.com",
          "syslog_priority" : "5",
          "syslog_ver" : "1",
          "@doc_type_id" : "logs_syslog",
          "@tenant_id" : "2EC0665A-AD37-462E-A3FC-40B61D7C9D9C",
          "syslog_pri" : "157",
          "timestamp" : "2017-03-17T16:43:03.082Z",
          "received_timestamp" : "2017-03-17T16:43:07.753Z"
        }
      }
    ]
  }
}
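The example URL above contains spaces, brackets and colons that must be percent-encoded before the request is sent, and any externally supplied value placed inside q should be escaped so it cannot change the Lucene query. The following client-side builder is an added example, not part of the product documentation; the helper names (search_url, escape_term, iso_utc) are hypothetical and the metacharacter list comes from Lucene's query syntax, not from this page.

```python
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

CATEGORIES = {"logs", "metrics", "events", "alarms", "inventory"}  # from the page
LUCENE_SPECIAL = set('+-&|!(){}[]^"~*?:\\/')  # Lucene query metacharacters


def escape_term(value):
    """Backslash-escape Lucene metacharacters so `value` is matched literally."""
    return "".join("\\" + ch if ch in LUCENE_SPECIAL else ch for ch in value)


def iso_utc(dt):
    """Format a timezone-aware datetime as e.g. 2016-09-03T07:16:23Z."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone first")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def search_url(host, category=None, type_name=None, q=None,
               timefrom=None, timeto=None, start=0, size=10):
    """Build a Data Retrieval API URL; `host` is <ao_analytics_hostname>."""
    if category is not None and category not in CATEGORIES:
        raise ValueError(f"unknown data type category: {category!r}")
    if type_name is not None and category is None:
        raise ValueError("a data type name needs its category")
    if start < 0 or size < 1:
        raise ValueError("from must be >= 0 and size >= 1")
    # Percent-encode path segments so a type name cannot add path components.
    path = "".join(quote(p, safe="") + "/" for p in (category, type_name) if p)
    params = {
        "q": q,
        "timefrom": iso_utc(timefrom) if timefrom else None,
        "timeto": iso_utc(timeto) if timeto else None,
        "from": start,
        "size": size,
    }
    # quote_via=quote encodes spaces as %20 and brackets/colons as %XX.
    query = urlencode({k: v for k, v in params.items() if v is not None},
                      quote_via=quote)
    return f"https://{host}/mdo/v2/aoanalytics/{path}_search?{query}"
```

Pass only the escaped form of untrusted values into q, for example 'host:' + escape_term(name); operators such as AND and the range brackets are written by the caller, never taken from input.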
Data Type Mapping Endpoint
Retrieves the list of valid Data Type Names and the available fields for each type.
HTTP method: GET
  • http://<doi>/mdo/v2/aoanalytics/<data type category>/datatypes/
    Provides a list of all the supported Data Type names for the specified category.
    Response format:
    { "datatypes": [<datatype1>, <datatype2>, <datatype3>] }
    Response example (for logs category):
    { "category": "logs", "datatypes": ["apache_access", "tomcat", "eventlog", "syslog", "log4j"] }
    Response example (for events category):
    { "category": "events", "datatypes": ["events_spectrum", "events_uim"] }
  • http://<doi>/mdo/v2/aoanalytics/<data type name>
    Provides the list of fields and mappings for the specified data type.
    Response format:
    { "ao_itoa_logs_syslog_1" : { "mappings" : { "data" : { "properties" : {
      <field1>: { <prop1>: <value1>, <prop2>: <value2> },
      <field2>: { <prop1>: <value1>, <prop2>: <value2> }
    } } } } }
    Response example:
    { "ao_itoa_logs_syslog_1" : { "mappings" : { "data" : { "properties" : {
      "@doc_type_id" : { "type" : "string", "analyzer" : "keyword_lowercase" },
      "@doc_type_version" : { "type" : "string", "analyzer" : "keyword_lowercase" },
      "@product_id" : { "type" : "string", "analyzer" : "keyword_lowercase" },
      "@tenant_id" : { "type" : "string", "analyzer" : "keyword_lowercase" },
      "@timestamp" : { "type" : "date", "format" : "epoch_millis" },
      "file" : { "type" : "string", "analyzer" : "keyword_lowercase" },
      "host" : { "type" : "string", "index" : "not_analyzed" },
      "ip" : { "type" : "ip" },
      "logtype" : { "type" : "string", "index" : "not_analyzed" },
      "origin" : { "type" : "string" },
      "raw_message" : { "type" : "string", "analyzer" : "keyword_lowercase" },
      "received_timestamp" : { "type" : "date", "format" : "strict_date_optional_time||epoch_millis" },
      "syslog_facility" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_facility_code" : { "type" : "long" },
      "syslog_hostname" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_message" : { "type" : "string" },
      "syslog_pid" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_pri" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_priority" : { "type" : "long" },
      "syslog_program" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_received_at" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_severity" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_severity_code" : { "type" : "long" },
      "syslog_timestamp" : { "type" : "string", "index" : "not_analyzed" },
      "syslog_ver" : { "type" : "string" },
      "tags" : { "type" : "string", "index" : "not_analyzed" },
      "tenant_id" : { "type" : "string" },
      "timestamp" : { "type" : "date", "format" : "strict_date_optional_time||epoch_millis" }
    } } } } }
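A mapping response can be used to check a saved search before it runs: a query that names a field the data type does not have is one to catch before sending. The following is an added example, not part of the product documentation; the function names are hypothetical, SAMPLE_MAPPING is a constructed subset of the response above, the field extraction is a heuristic rather than a full Lucene parser, and the reading of "index": "not_analyzed" as exact match is an assumption based on Elasticsearch-style mappings.

```python
import re

# Constructed sample: a subset of the syslog mapping response shown above.
SAMPLE_MAPPING = {"ao_itoa_logs_syslog_1": {"mappings": {"data": {"properties": {
    "@timestamp": {"type": "date", "format": "epoch_millis"},
    "host": {"type": "string", "index": "not_analyzed"},
    "ip": {"type": "ip"},
    "syslog_message": {"type": "string"},
    "syslog_severity": {"type": "string", "index": "not_analyzed"},
    "syslog_severity_code": {"type": "long"},
}}}}}

_PHRASE = re.compile(r'"(?:\\.|[^"\\])*"')          # quoted phrases, escapes allowed
_FIELD = re.compile(r'(?:^|[\s(+\-!])([@A-Za-z_][\w.@]*):')  # field: at a term start


def field_properties(mapping):
    """Flatten {index: {"mappings": {type: {"properties": ...}}}} to {field: props}."""
    fields = {}
    for index in mapping.values():
        for doc_type in index.get("mappings", {}).values():
            fields.update(doc_type.get("properties", {}))
    return fields


def match_kind(props):
    """Classify a field: its type for non-strings, else 'exact' or 'analyzed'."""
    if props.get("type") != "string":
        return props.get("type")
    # Assumption: not_analyzed strings are stored as a single exact-match token.
    return "exact" if props.get("index") == "not_analyzed" else "analyzed"


def unknown_fields(q, mapping):
    """Return field names used in Lucene query `q` that the mapping lacks."""
    known = field_properties(mapping)
    # Blank out quoted phrases first so colons inside values are not read as fields.
    used = _FIELD.findall(_PHRASE.sub('""', q))
    return sorted({name for name in used if name not in known})
```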