Skip to content
API Enriched

Access Log Aggregation Query.

POST
/api/data/namespaces/{namespace}/access_logs/aggregation
curl --request POST \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/data/namespaces/example/access_logs/aggregation \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "aggs": {}, "end_time": "example", "namespace": "example", "query": "example", "start_time": "example" }'

Request to GET summary/analytics data for the access logs that matches the query in request for a given namespace. Typically, virtual host is specified as match condition in the request to GET the aggregaation data for a virtual host.

Examples of this operation.

Authorizations

Section titled “Authorizations”

Parameters

Section titled “Parameters”

Path Parameters

Section titled “Path Parameters”
namespace
required
string

Namespace GET aggregation data for a given namespace.

Request Bodyrequired

Section titled “Request Bodyrequired”
Media typeapplication/json
AccessLogAggregationRequest

Request to GET only aggregation data for access logs.

object
aggs
aggregations

Aggregations provide summary/analytics data over the log response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key’ed by user-defined aggregation name. The response will be key’ed with the same name. Optional.

object
end_time
end time

Fetch access logs whose timestamp <= end_time format: unix_timestamp|RFC 3339

Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to

string
<= 1024 characters
namespace
namespace

GET aggregation data for a given namespace.

string
>= 6 characters <= 1024 characters
query
query

Query is used to specify the list of matchers syntax for query := {[]} := <field_name>"" <field_name> := string One or more of following fields in access log may be specified in the query. App_type - application type vh_name - name of the virtual host src_site - source site src - source service src_instance - source instance dst_site - destination site dst - destination service dst_instance - destination instance method - request method req_path - request path rsp_code - response code browser_type - browser type city - name of the city country - country code device_type - device type := string := [”=”|”!=”] = : equal to != : not equal to When more than one matcher is specified in the query, then access logs matching ALL the matchers will be considered for aggregation. Example: query={src=“service1”, dst=“service2”} will consider all access logs with source service “service1” and the destination service “service2”

Optional: If not specified, all the access logs matching the given tenant, namespace will be considered for aggregation.

string
<= 1024 characters
start_time
start time

Fetch access logs whose timestamp >= start_time format: unix_timestamp|RFC 3339

Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to -10m.

string
<= 1024 characters
Examplegenerated
{
  "aggs": {},
  "end_time": "example",
  "namespace": "example",
  "query": "example",
  "start_time": "example"
}

Responses

Section titled “Responses”

200

Section titled “200”

A successful response.

Media typeapplication/json
LogAggregationResponse

Response message for AuditLogAggregationRequest/AccessLogAggregationRequest.

object
aggs
aggregations

Aggregations provide summary/analytics data over the log response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key’ed with the aggregation name specified in the request.

object
total_hits
total hits

Total number of log messages that matched the query.

string format: uint64
<= 1024 characters
Examplegenerated
{
  "aggs": {},
  "total_hits": "example"
}

401

Section titled “401”

Returned when operation is not authorized.

Media typeapplication/json
string format: string
Examplegenerated
example

403

Section titled “403”

Returned when there is no permission to access resource.

Media typeapplication/json
string format: string
Examplegenerated
example

404

Section titled “404”

Returned when resource is not found.

Media typeapplication/json
string format: string
Examplegenerated
example

409

Section titled “409”

Returned when operation on resource is conflicting with current value.

Media typeapplication/json
string format: string
Examplegenerated
example

429

Section titled “429”

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json
string format: string
Examplegenerated
example

500

Section titled “500”

Returned when server encountered an error in processing API.

Media typeapplication/json
string format: string
Examplegenerated
example

503

Section titled “503”

Returned when service is unavailable temporarily.

Media typeapplication/json
string format: string
Examplegenerated
example

504

Section titled “504”

Returned when server timed out processing request.

Media typeapplication/json
string format: string
Examplegenerated
example