Query Logs

Query logs from Oodle using the OpenSearch-like HTTP API. This API supports powerful filtering, sorting, and aggregations using OpenSearch Query DSL.

Configuration

To query logs from Oodle via HTTP, you'll need the following values:

  • OODLE_INSTANCE: Your Oodle instance ID. To find it, go to Settings icon -> API Keys in your Oodle UI. (Oodle UI links: ap1, us1)
  • OODLE_API_KEY: Your Oodle API key for authentication. To choose an appropriate key, go to Settings icon -> API Keys in your Oodle UI. (Oodle UI links: ap1, us1)
  • INDEX_PATTERN: Your logs index pattern. Go to Logs icon -> Explore in your Oodle UI; the index pattern is in the top-left dropdown.

Steps

Query Logs Integration

You can find the required Query Logs configuration values by doing the following:

  1. Log in to the Oodle UI, then navigate to the Settings page
  2. Click on the Query Logs tile
  3. Choose an appropriate API key from the list on top of the drawer

Follow the steps specified in the drawer to query Logs from Oodle via HTTP requests.

Querying Logs

The API uses newline-delimited JSON (NDJSON) format with two lines:

  1. Line 1: Index specification
  2. Line 2: Search query using OpenSearch Query DSL

# Query logs using OpenSearch-like API
curl -X POST "https://<OODLE_INSTANCE>.api.oodle.ai/api/v1/query_logs" \
  -H "Content-Type: application/x-ndjson" \
  -H "X-OODLE-INSTANCE: <OODLE_INSTANCE>" \
  -H "X-API-KEY: <OODLE_API_KEY>" \
  -d '{"index": "<INDEX_PATTERN>"}
{"sort":[{"timestamp":{"order":"desc"}}],"size":100,"query":{"bool":{"filter":[{"range":{"timestamp":{"gte":1747913756000,"lte":1748000156000,"format":"epoch_millis"}}}]}}}'

Query Format

The query uses NDJSON format where each JSON object must be on a single line:

Line 1: Index Specification

{"index": "<INDEX_PATTERN>"}

Line 2: Search Query (OpenSearch-like DSL)

Use OpenSearch Query DSL to filter and sort logs. Common query components:

  • query.bool.filter - Filter conditions
  • query.bool.must - Required conditions
  • query.bool.should - Optional conditions (OR logic)
  • query.bool.must_not - Exclusion conditions
  • sort - Sort order
  • size - Number of results to return
  • from - Pagination offset

Common Query Examples

Filter by log level:

{"query":{"bool":{"filter":[{"match_phrase":{"level.keyword":"ERROR"}}]}}}

Filter by time range:

{"query":{"bool":{"filter":[{"range":{"timestamp":{"gte":1747913756000,"lte":1748000156000,"format":"epoch_millis"}}}]}}}

Combine multiple filters:

{"query":{"bool":{"filter":[{"match_phrase":{"service.keyword":"api"}},{"range":{"timestamp":{"gte":1747913756000,"format":"epoch_millis"}}}]}}}

Exclude specific values:

{"query":{"bool":{"filter":[{"match_phrase":{"level.keyword":"ERROR"}}],"must_not":[{"match_phrase":{"message":"health check"}}]}}}

Response Format

The API returns a JSON response containing:

  • hits.hits[] - Array of matching log entries
  • hits.total.value - Total number of matching logs
  • took - Query execution time in milliseconds

Example response:

{
  "took": 45,
  "hits": {
    "total": { "value": 234 },
    "hits": [
      {
        "_source": {
          "timestamp": "2025-01-20T10:30:00Z",
          "level": "error",
          "message": "Connection timeout",
          "service": "api"
        }
      }
    ]
  }
}
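
The request and response formats above, put together as an added Python example (not Oodle's own code): it serializes both NDJSON lines with json.dumps so a quote or newline inside a search value cannot split a line or alter the query, checks the instance ID before it becomes part of the hostname, and reads the hits. The function names and the OODLE_INDEX_PATTERN environment variable are assumptions made for this example.

```python
import json
import os
import re
import urllib.request

def build_query(level, start_ms, end_ms, exclude_phrase=None, size=100, offset=0):
    """Search body built from the query components listed on this page."""
    bool_q = {"filter": [
        {"match_phrase": {"level.keyword": level}},
        {"range": {"timestamp": {"gte": start_ms, "lte": end_ms,
                                 "format": "epoch_millis"}}},
    ]}
    if exclude_phrase is not None:
        bool_q["must_not"] = [{"match_phrase": {"message": exclude_phrase}}]
    return {"sort": [{"timestamp": {"order": "desc"}}],
            "size": size, "from": offset, "query": {"bool": bool_q}}

def build_ndjson(index_pattern, query):
    """Two-line NDJSON body. json.dumps escapes quotes and newlines inside
    values, so each object stays on one line whatever the input contains."""
    return "\n".join([json.dumps({"index": index_pattern}),
                      json.dumps(query)]).encode("utf-8")

def build_request(instance, api_key, body):
    """POST request with the URL and headers from the curl example."""
    # The instance ID becomes a DNS label; reject anything else so the API
    # key is never sent to a host other than <instance>.api.oodle.ai.
    if not re.fullmatch(r"[A-Za-z0-9-]+", instance):
        raise ValueError("unexpected characters in instance ID")
    return urllib.request.Request(
        f"https://{instance}.api.oodle.ai/api/v1/query_logs",
        data=body, method="POST",
        headers={"Content-Type": "application/x-ndjson",
                 "X-OODLE-INSTANCE": instance, "X-API-KEY": api_key})

def summarize(response_text):
    """Return (hits.total.value, list of _source dicts) from a response."""
    doc = json.loads(response_text)
    return doc["hits"]["total"]["value"], [h["_source"] for h in doc["hits"]["hits"]]

if __name__ == "__main__":
    # Read from the environment so the key is not hard-coded in the script
    # or passed on a command line. OODLE_INDEX_PATTERN is an assumed name.
    body = build_ndjson(os.environ["OODLE_INDEX_PATTERN"],
                        build_query("ERROR", 1747913756000, 1748000156000,
                                    exclude_phrase="health check"))
    req = build_request(os.environ["OODLE_INSTANCE"], os.environ["OODLE_API_KEY"], body)
    with urllib.request.urlopen(req, timeout=30) as resp:
        total, entries = summarize(resp.read().decode("utf-8"))
    print(total, "matching logs;", len(entries), "returned")
```

To page through results, call build_query again with offset increased by size until offset reaches the reported total.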

Support

If you need assistance or have any questions, please reach out to us through:

  • The help chat widget available on the Support link in the sidebar
  • Email at support@oodle.ai