Query Logs
Query logs from Oodle using the OpenSearch-like HTTP API. This API supports powerful filtering, sorting, and aggregations using OpenSearch Query DSL.
Configuration
To query logs from Oodle via HTTP, you'll need the following values:
- OODLE_INSTANCE: Your Oodle instance ID
- OODLE_API_KEY: Your Oodle API key for authentication
- INDEX_PATTERN: Your logs index pattern (visible in Oodle UI)
Querying Logs
The API uses newline-delimited JSON (NDJSON) format with two lines:
- Line 1: Index specification
- Line 2: Search query using OpenSearch Query DSL
cURL:
# Query logs using OpenSearch-like API
curl -X POST "https://<OODLE_INSTANCE>.api.oodle.ai/api/v1/query_logs" \
-H "Content-Type: application/x-ndjson" \
-H "X-OODLE-INSTANCE: <OODLE_INSTANCE>" \
-H "X-API-KEY: <OODLE_API_KEY>" \
-d '{"index": "<INDEX_PATTERN>"}
{"sort":[{"timestamp":{"order":"desc"}}],"size":100,"query":{"bool":{"filter":[{"range":{"timestamp":{"gte":1747913756000,"lte":1748000156000,"format":"epoch_millis"}}}]}}}'
JavaScript:
// Query logs using OpenSearch-like API
const queryPayload = { index: "<INDEX_PATTERN>" };
const searchPayload = {
  sort: [{ timestamp: { order: "desc" } }],
  size: 100,
  query: {
    bool: {
      filter: [
        {
          range: {
            timestamp: {
              gte: 1747913756000,
              lte: 1748000156000,
              format: "epoch_millis"
            }
          }
        }
      ]
    }
  }
};
const response = await fetch(
  "https://<OODLE_INSTANCE>.api.oodle.ai/api/v1/query_logs",
  {
    method: "POST",
    headers: {
      "Content-Type": "application/x-ndjson",
      "X-OODLE-INSTANCE": "<OODLE_INSTANCE>",
      "X-API-KEY": "<OODLE_API_KEY>"
    },
    body: JSON.stringify(queryPayload) + "\n" + JSON.stringify(searchPayload)
  }
);
const data = await response.json();
Python:
import json

import requests

# Query logs using OpenSearch-like API
query_payload = {"index": "<INDEX_PATTERN>"}
search_payload = {
    "sort": [{"timestamp": {"order": "desc"}}],
    "size": 100,
    "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "timestamp": {
                            "gte": 1747913756000,
                            "lte": 1748000156000,
                            "format": "epoch_millis"
                        }
                    }
                }
            ]
        }
    }
}
# NDJSON body: one JSON object per line, index line first
body = json.dumps(query_payload) + "\n" + json.dumps(search_payload)
response = requests.post(
    "https://<OODLE_INSTANCE>.api.oodle.ai/api/v1/query_logs",
    headers={
        "Content-Type": "application/x-ndjson",
        "X-OODLE-INSTANCE": "<OODLE_INSTANCE>",
        "X-API-KEY": "<OODLE_API_KEY>"
    },
    data=body,
    timeout=30,
)
# Fail on HTTP errors (for example a rejected API key) before parsing the body
response.raise_for_status()
data = response.json()
Query Format
The query uses NDJSON format where each JSON object must be on a single line:
Line 1: Index Specification
{"index": "<INDEX_PATTERN>"}
Line 2: Search Query (OpenSearch-like DSL)
Use OpenSearch Query DSL to filter and sort logs. Common query components:
- query.bool.filter - Filter conditions
- query.bool.must - Required conditions
- query.bool.should - Optional conditions (OR logic)
- query.bool.must_not - Exclusion conditions
- sort - Sort order
- size - Number of results to return
- from - Pagination offset
Common Query Examples
Filter by log level:
{"query":{"bool":{"filter":[{"match_phrase":{"level.keyword":"ERROR"}}]}}}
Filter by time range:
{"query":{"bool":{"filter":[{"range":{"timestamp":{"gte":1747913756000,"lte":1748000156000,"format":"epoch_millis"}}}]}}}
Combine multiple filters:
{"query":{"bool":{"filter":[{"match_phrase":{"service.keyword":"api"}},{"range":{"timestamp":{"gte":1747913756000,"format":"epoch_millis"}}}]}}}
Exclude specific values:
{"query":{"bool":{"filter":[{"match_phrase":{"level.keyword":"ERROR"}}],"must_not":[{"match_phrase":{"message":"health check"}}]}}}
Response Format
The API returns a JSON response containing:
- hits.hits[] - Array of matching log entries
- hits.total.value - Total number of matching logs
- took - Query execution time in milliseconds
Example response:
{
  "took": 45,
  "hits": {
    "total": { "value": 234 },
    "hits": [
      {
        "_source": {
          "timestamp": "2025-01-20T10:30:00Z",
          "level": "error",
          "message": "Connection timeout",
          "service": "api"
        }
      }
    ]
  }
}
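The query components and response fields above, combined in an added example (not Oodle's own code): it builds the two-line NDJSON body from caller-supplied values by serializing rather than concatenating strings, then reads the documented response fields. The function names build_query_body and summarize_response are assumptions made for this example.

```python
import json


def build_query_body(index, *, level=None, service=None, start_ms=None,
                     end_ms=None, exclude_phrases=(), size=100, offset=0):
    """Return the two-line NDJSON body: index line, then search line."""
    if size < 1 or offset < 0:
        raise ValueError("size must be >= 1 and offset >= 0")
    filters = []
    if level is not None:
        filters.append({"match_phrase": {"level.keyword": level}})
    if service is not None:
        filters.append({"match_phrase": {"service.keyword": service}})
    if start_ms is not None or end_ms is not None:
        bounds = {"format": "epoch_millis"}
        if start_ms is not None:
            bounds["gte"] = int(start_ms)
        if end_ms is not None:
            bounds["lte"] = int(end_ms)
        filters.append({"range": {"timestamp": bounds}})
    bool_query = {}
    if filters:
        bool_query["filter"] = filters
    if exclude_phrases:
        bool_query["must_not"] = [
            {"match_phrase": {"message": phrase}} for phrase in exclude_phrases
        ]
    search = {
        "sort": [{"timestamp": {"order": "desc"}}],
        "size": size,
        "from": offset,
        "query": {"bool": bool_query},
    }
    # json.dumps escapes quotes and newlines inside values, so a caller-supplied
    # string cannot add DSL clauses or split an object across lines.
    return json.dumps({"index": index}) + "\n" + json.dumps(search)


def summarize_response(data):
    """Return (total, took_ms, rows) from the documented response fields."""
    hits = data.get("hits", {})
    fields = ("timestamp", "level", "service", "message")
    rows = [tuple(hit.get("_source", {}).get(f) for f in fields)
            for hit in hits.get("hits", [])]
    return hits.get("total", {}).get("value", 0), data.get("took"), rows
```

Pass the returned string as the request body with the same headers as in the examples above; increasing offset by size on each call pages through the results.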
Support
If you need assistance or have any questions, please reach out to us through:
- The help chat widget in the bottom-right corner of this page
- Email at support@oodle.ai