Post Log Query
Creates a log query
query-agent
{
"logQuery": "SELECT * FROM logs WHERE text='scheduling developer at in minutes from now' AND application='test_application' ORDER BY ingest_timestamp DESC",
"start": 1689143864023,
"end": 1689144164023,
"rows": 50,
"parallelizationFactor": -1,
"extractedFieldsEvaluation": {
"contentPackIdsToInclude": [
"89048dde-0445-4b36-a276-74ghy5d3f870"
],
"includeAllFields": false
}
}Relative URI path of the service managing this document. Can be a complete link, or just a request ID.
Authorization links associated with this request
OrgId for which telemetry data is to be queried
It represents the SQL query to be executed. All queries are run on and filtered by ingest_timestamp by default, but you can query logs on log_timestamp also. To run any query on log_timestamp, add the keyword log_timestamp in the ORDER BY clause.
For example:
Below query returns results filtered by ingest_timestamp:
SELECT * FROM logs WHERE text='error' ORDER BY ingest_timestamp DESC
Below query returns results filtered by log_timestamp:
SELECT * FROM logs WHERE text='error' ORDER BY log_timestamp DESC
Note: Query by log_timestamp is only valid for indexed partitions.
Start timestamp (milliseconds) for the query to be run
End timestamp (milliseconds) for the query to be run
Number of rows to be returned
Callback URL called when query is complete
Payload sent to callbackUrl
Dynamic fields that need to be used in the SQL query (without creating extracted fields)
Subject to filter based on specified user
Page number for current page of results, set when constructing a query during next page handling.
PartitionIds from where we need the response. This might be removed once we figure out an intelligent way to distinguish the partitions from the query constraints. This is done for testing the partition flow for query
OK
{
"documentSelfLink": "/vrlic/api/v1/query/65448dde-0445-4b36-a276-74ghy5d3f870",
"logQuery": "SELECT * FROM logs WHERE text='scheduling developer at in minutes from now' AND application='test_application' ORDER BY ingest_timestamp DESC",
"start": 1689142040160,
"end": 1689142340160,
"rows": 50,
"parallelizationFactor": -1,
"extractedFieldsEvaluation": {
"includeAllFields": false,
"contentPackIdsToInclude": [
"89048dde-0445-4b36-a276-74ghy5d3f870"
]
},
"taskInfo": {
"stage": "STARTED",
"isDirect": false,
"durationMicros": 1000000,
"failure": {
"statusCode": 500
}
},
"createdBy": "[email protected]",
"createdAt": "2023-07-12T06:13:07.106Z",
"id": "65448dde-0445-4b36-a276-74ghy5d3f870",
"logQueryTelemetry": {
"requestId": "65448dde-0445-4b36-a276-74ghy5d3f870",
"orgId": "derb40d2-ed3d-491b-9a58-1b6b554ff40f",
"tenantId": "knj7193b32e83a90",
"userName": "test_user",
"queryAgent": "UI_EXPLORE_LOGS",
"taskStage": "STARTED",
"logQuery": "SELECT * FROM logs WHERE text='scheduling developer at in minutes from now' AND application='test_application' ORDER BY ingest_timestamp DESC",
"formattedLogQuery": "select * from logs where ((((timestamp >= '2023-07-12T06:07:20.160Z') AND (timestamp <= '2023-07-12T06:12:20.160Z')) AND ((text = 'scheduling developer at in minutes from now') AND (application = 'test_application'))) AND (log_type <> 'test_type')) order by ingest_timestamp desc ",
"queryConstraintStr": "{\"operator\":\"AND\",\"fieldName\":null,\"value\":null,\"constraints\":[{\"operator\":\"CONTAINS\",\"fieldName\":\"application\",\"value\":\"test_application\",\"constraints\":[],\"tags\":[]},{\"operator\":\"CONTAINS\",\"fieldName\":\"text\",\"value\":\"scheduling developer at in minutes from now\",\"constraints\":[],\"tags\":[]}],\"tags\":[]}",
"constraintsCount": 2,
"groupByCount": 0,
"queryStartTime": 1689142040160,
"queryEndTime": 1689142340160,
"queryRange": 300000,
"lintAppStartTime": 1689142387102,
"lintAppEndTime": 1689142387203,
"queryExecutionTime": 101,
"errorMessage": "error_message_if_any",
"indexType": "INDEXED",
"numberOfCoresQueried": 5,
"totalSizeQueriedBytes": 1358223043341,
"partitionIdsInRequest": [
"ghub40d2-ed3d-491b-9a58-1b6b554ff40f"
],
"numberOfExtractedFieldsEvaluated": 0,
"queryPostProcessingTime": 1689142040160,
"numRecordsReturned": 90,
"type": null,
"queryTimestampType": "INGEST_TIMESTAMP",
"workflowVsTimeTakenMillis": 1689142040160,
"numberOfGetCallsInvoked": 2,
"lastGetCallInvokedTimeMillis": 1,
"circuitBreakerTriggered": false,
"failedCoresList": null,
"exception": "exception_if_any",
"telemetryDataCreationTimeMillis": 0,
"timeSinceLastGetMillis": 0,
"dynamicFieldsQuery": false,
"aggregateQuery": false
},
"trackerId": "45698c1-5ed9-4eb8-998c-48b1ce72f8b6",
"bytesQueried": 1358223043341,
"tenantAgnostic": false,
"_links": {
"self": {
"href": "/vrlic/api/v1/query/65448dde-0445-4b36-a276-74ghy5d3f870"
},
"first": {
"href": "/vrlic/api/v1/query/65448dde-0445-4b36-a276-74ghy5d3f870"
}
}
}Relative URI path of the service managing this document. Can be a complete link, or just a request ID.
Authorization links associated with this request
OrgId for which telemetry data is to be queried
SQL query to be executed
Start timestamp (milliseconds) for the query to be run
End timestamp (milliseconds) for the query to be run
Number of rows to be returned
Callback URL called when query is complete
Payload sent to callbackUrl
Dynamic fields that need to be used in the SQL query (without creating extracted fields)
Subject to filter based on specified user
Page number for current page of results, set when constructing a query during next page handling.
PartitionIds from where we need the response. This might be removed once we figure out an intelligent way to distinguish the partitions from the query constraints. This is done for testing the partition flow for query
This message indicates failure if query processing fails
Unprocessed query results at the most recent retrieval call
For non-aggregated queries: Total number of records returned in the response,For aggregated queries: Total number of records before aggregation was applied
For aggregated queries: Total number of records returned in the response,For non-aggregated queries: This field is not set
Total number of records that matched the query. This is not necessarily the number of records returned in the response
Number of bytes processed before being uncompressed
Number of bytes processed after being uncompressed
Number of bytes of records of payload data returned by Amazon S3 based on filter conditions
Indicates whether or not the results are a complete set. The field is set if the EOF record is returned from the data platform and contains the field is_result_partial
Query responses are returned in several pages and you can fetch one page at a time. This field represents the link to the next page.
A unique identifier associated with the log query
Tracker identifier to track execution
Total size of high-cost queries
A simple implementation of HAL(Hypertext Application Language) formatted HATEOAS(Hypermedia as the Engine of Application State) links. The principle implies that the API should guide the client through the application by returning relevant information about the next potential steps, along with each response.