How do I perform aggregate queries using SumoLogic APIs
I am trying to perform aggregate queries using SumoLogic APIs as mentioned here.
Something like:
_view = <some_view> | where sourceCategory matches \"something\" | sum(field) by sourceCategory
This works just fine in the Sumo GUI. I get a field in result called "_sum" which gives me the desired result.
However the same doesn't work when I do it using the SUMO APIs. If I create a job with this body:
{
"query": "_view = <some_view> | where sourceCategory matches "something" | sum(field) by sourceCategory",
"from": "start_timestamp",
"to": "end_timestamp",
"timeZone": "some_timezone"
}
I call the "v1/search/jobs" POST method with the above body and I do GET "v1/search/jobs/{job_id}" till the state is "DONE GATHERING RESULTS". Then I do "v1/search/jobs/{job_id}/messages". I was expecting to see aggregated values in the result, but instead I see something similar to:
{
"fields":[
{
"name":"_messageid",
"fieldType":"long",
"keyField":false
}, ...
],
"messages":[
{
"map":{
"_receipttime":"1359407350899",
"_size":"549",
"_sourcecategory":"service",
"_sourceid":"1640",
"the_field_i_mentioned":"not-aggregated-value"
"_messagecount":"2044"
}
}, ...
]
]
Thanks for going through my question. Any advices / work-arounds are appreciated. I don't really want to iterate manually through all items and calculate the sum. I'd prefer to do it on SumoLogic side itself. Thanks Again!
Explanation
Similar as in the User Interface, in the API for log searches you get both raw results (also referred to as messages) and the aggregate results (also referred to as records).
(Obviously, the latter are only returned if there's any aggregation in the query. In your case there is.)
Actual suggestion
Then I do "v1/search/jobs/{job_id}/messages"
Try /records instead.
See the docs for "Paging through the records found by a Search Job"
Disclaimer: I am currently employed by Sumo Logic.
- Meteor server api using iron router returns HTML not the response
- How to return global object from a Rocket REST API?
- How to map this Json with rest template spring boot
- Office 365 REST API - Creating a Contact gives me HTTPCode 400
- Guidance for writing a wrapper for a REST API
- PayPal REST API: Search by BUYER Transaction ID
- Django rest framework where to write complex logic in serializer.py or views.py?
- REST and spring-mvc
- Cookie in Thunder Client VS Code extension
- How to write a generic handler in Go?
- How to make a script to automate taking the GET data from my wordpress site and POST to another server
- How do you set a scenario when doing a restful call in Yii2 to return certain fields
- Spring - checking path variable for null at controller
- How to transform Model-View-Presenter architecture to WebAPI?
- Go file server doesn't serve folder
- How to use jti claim in a JWT
- Rewrite POST method on rest api yii2
- JFrog REST API to Export the X-ray SBOM report
- How can I get BizTalk to allow a large array in querystring for consuming a REST service?
- Why am i getting 405 Method Not Allowed while doing a POST Request
- Use CakePHP Http Client with Magento2 rest API search criteria
- API Key in path
- Trying to call rest APIs, but get http request exception
- Invoke-WebRequest, POST with parameters
- An established connection was aborted by the software in your host machine tomcat jackson
- Empty Form When Initializing from Rest API
- 404-not-found-while-running-spring-boot-rest-api
- Pass array as query parameter in Postman
- Where should the filtering logic be: in the frontend or in the backend?
- Can I get the company name/logo with the LinkedIn API?