Event Logging Service API
Resource and URI:
This section describes the Event Logging REST Service resources and URI. The base URI for the service will be:
http://{hostname}:{port}/services/eventlogging/GET /
Resource to check if Event Logging REST Service is online. On success, it will return an HTTP code 200.
Example request:
GET http://{hostname}:{port}/services/eventlogging/GET /events/{eventUUID}
It returns an event with the given uuid.
Example request:
GET http://{hostname}:{port}/services/eventlogging/events/fe5338b4-fc8a-451
e-9d28-33c73cd1d828Request Body:
{
"eventUUID": "392c775b-8072-45b2-bf6b-fa1ffb1ffc6c",
"category": "system",
"eventType": "LOGEvent",
"severity": "INFO",
"logMessage": "Total 3 routes, of which 3 is started.",
"logSource": {
"bundle.id": "170",
"bundle.name": "org.apache.camel.camel-core",
"bundle.version": "2.12.1",
"class.name": "org.apache.camel.impl.DefaultCamelContext",
"file.name": "DefaultCamelContext.java",
"host.name": "sopera",
"line.number": "1533",
"logger.name": "org.apache.camel.blueprint.BlueprintCamelContext",
"method.name": "start",
"process.id": "6468"
},
"logTimestamp": "2013-11-13T09:13:58.126+0000",
"agentId": "agent1",
"agentTimestamp": "2013-11-13T09:13:58.134+0000",
"serverTimestamp": "2013-11-13T09:14:59.187+0000",
"audit": false,
"customInfo": {
"activemq.broker": "eventloggingbroker"
}
}GET /events/{eventUUID}/signature
If not empty, this request returns a signedlogmessage event attribute content for the event with the given uuid (response content-type: application/xml). If empty, you will get a 204 No content HTTP response.
Example request:
GET http://{hostname}:{port}/services/eventlogging/events/149edf25-7f94-4
90a-bc07-4fcb860cb9fe/signatureGET /events?
It returns a collection of relevant events matching a specified search query. The search query supports FIQL (Feed Item Query Language) syntax for simple data types. FIQL provides a way to express complex search expressions using an intuitive and URI friendly language.
Currently, only the following FIQL operators are supported:
| Operator | Description |
|---|---|
| Operator | Description |
| “==” | Equal |
| “;” | AND |
| “,” | OR |
| "=lt=" | Less Than |
| "=le=" | Less or Equal |
| "=gt=" | Greater Than |
| "=ge=" | Greater or Equal |
Search parameters:
|
category optional |
Specifies the category of the event to be searched. Example value: security |
|
severity optional |
Specifies the severity of the event to be searched. Example value: fatal |
|
eventtype optional |
Specifies the type of the event to be searched. Example values: LOGEvent, OSGiEvent, SAMEvent. |
|
correlationid optional |
Specifies the correlation ID of the event to be searched. Example value: 21760804-4961 |
|
subject optional |
Specifies the subject associated with the event to be searched. Example value: Alice |
|
agentid optional |
Specifies the agent ID which is associated with the event. Example value: Agent3455 |
|
agenttimestamp optional |
Returns all the events matching the given agent timestamp. Date should be formatted as UTC time format: YYYY-MM-DDThh:mm:ss.sTZD. Example value: 2013-10-10T12:22:06.060+0000 |
|
servertimestamp optional |
Returns all the events matching the given server timestamp. Date should be formatted as UTC time format: YYYY-MM-DDThh:mm:ss.sTZD. Example value: 2013-10-10T12:22:06.060+0000 |
|
audit optional |
Specified to return the events needs to be audited or not be audited. Example value: true/false |
|
auditsequenceno optional |
Specifies the auditsequenceno of the event to be searched. Example value: 1234 |
Examples of search query:
-
/events?_s=category==security;severity==ERRORThe above search query will return all the events of the security category and ERROR severity.
-
/events?_s=category==security;(severity==ERROR,severity==WARN)The above search query will return all the events of the security category and with either ERROR or WARN severity.
-
/events?_s=category==system;agenttimestamp=ge=2013-10-10 T12:22:06.060+0000;agenttimestamp=le=2013-10-10T12:22:06.076+0000The above search query will return all the events of the system category and the agenttimestamp greater than or equal to 2013-10-10T12:22:06.060+0000 and less than or equal to 2013-10-10T12:22:06.076+0000.
Information noteNote: FIQL queries must be URL encoded. This means, in particular, that if you are using FIQL with a Web browser, use "%2B" instead of "+" in date format.For example: 2013-10-10T12:22:06.060%2B0000
It is also possible to search on complexe log event data types like logSource and customInfo. However, only the equal "=" operations are supported for complex data types.
The following syntax can be used to define a filter for a complex event data type:
-
logsource.<key>=<value>
-
custominfo.<key>=<value>
Examples of complex data type search query:
-
/events?logsource.host.name=myserver
The above search query will return all the events from a computer with the hostname "myserver".
-
/events?custominfo.mykey=myValue&logsource.file.name=LogEventHigh.java
The above search query will return all the events that contain a "mykey" parameter of value "myValue" in its customInfo field (MDC property) and come from the "LogEventHigh.java" file.
It is also possible to combine FIQL search queries for simple data types with search parameter for complex data types.
Examples of combined search query:
/events?logsource.bundle.name=myservice&_s=audit==true;auditsequenceno=gt=5The above search query will return all audit events from a bundle named "myservice" where the auditsequenceno is greater than 5.
Controlling the response
The response of the search query can be controlled with the following parameters:
|
limit optional |
Limits the result set to the first "n" number of rows (always ordered by agenttimestamp descending). Example value: 100 |
|
include_logmessage optional |
Specifies if the log message needs to be included in the returned result of events. Example value: true/false |
|
include_signedlogmessage optional |
Specifies if the signed log message needs to be included in the returned result of events. Example value: true/false |
|
include_logsource optional |
Specifies if the log source needs to be included in the returned result of events. Example value: true/false |
|
include_custominfo optional |
Specifies if the custom info properties needs to be included in the returned result of events. Example value: true/false |
|
include_all optional |
Specifies if all extra properties of th event described by the above mentioned include_* parameters needs to be included in the returned result of events. Example value: true/false |
Example Request:
GET /events?_s=category==system&count=2&includecustominfo=trueRequest Body:
{
"events": [
{
"eventUUID": "ad082036-a873-49dd-8fd8-f5f75a1a6763",
"category": "system",
"eventType": "LOGEvent",
"severity": "INFO",
"logMessage": "Route: route32 started and consuming from: Endpoint[paxlo
gging://eventloglisteneraudit]",
"logSource": {
"bundle.id": "170",
"bundle.name": "org.apache.camel.camel-core",
"bundle.version": "2.12.1",
"class.name": "org.apache.camel.impl.DefaultCamelContext",
"file.name": "DefaultCamelContext.java",
"host.name": "sopera",
"line.number": "2183",
"logger.name": "org.apache.camel.blueprint.BlueprintCamelContext",
"method.name": "doStartOrResumeRouteConsumers",
"process.id": "6468"
},
"logTimestamp": "2013-11-13T09:13:58.123+0000",
"agentId": "agent1",
"agentTimestamp": "2013-11-13T09:13:58.131+0000",
"serverTimestamp": "2013-11-13T09:14:59.186+0000",
"audit": false,
"customInfo": {
"activemq.broker": "eventloggingbroker"
}
},
{
"eventUUID": "f75ae2a7-6cbc-4213-946a-a43cb62d7f70",
"category": "system",
"eventType": "LOGEvent",
"severity": "WARN",
"logMessage": "Can't find the the request for https://localhost:9001/ser
vices/XacmlRegistryAtom's Observer ",
"logSource": {
"bundle.id": "130",
"bundle.name": "org.apache.cxf.cxf-rt-transports-http",
"bundle.version": "2.7.7",
"class.name": "org.apache.cxf.transport.servlet.ServletController",
"file.name": "ServletController.java",
"host.name": "sopera",
"line.number": "175",
"logger.name": "org.apache.cxf.transport.servlet.ServletController",
"method.name": "invoke",
"process.id": "6468"
},
"logTimestamp": "2013-11-13T09:17:55.894+0000",
"agentId": "agent1",
"agentTimestamp": "2013-11-13T09:17:55.896+0000",
"serverTimestamp": "2013-11-13T09:18:56.473+0000",
"audit": false,
"customInfo": {}
}
],
"searchMetadata": {
"count": 2,
"totalCount": 83
}
}POST /events
Adds a single or a collection of events to the Event Logging backend. On success, the resource invocation will result into HTTP code 204.
Parameters
The following attributes in the event/events object should not be empty. The other attributes defined in the event structure above can be empty.
| Attribute Name |
|---|
| id |
| category |
| agenttimestamp |
| agentid |
|
auditsequenceno (required in case if it is an audit event) |
Example request:
POST http://{hostname}:{port}/services/eventlogging/events/Content-Type:
application/jsonRequest Body:
[
{
"eventUUID": "ad082036-a873-49dd-8fd8-f5f75a1a6763",
"category": "system",
"eventType": "LOGEvent",
"severity": "INFO",
"logMessage": "Route: route32 started and consuming from: Endpoint[paxlogg
ing://eventloglisteneraudit]",
"logSource": {
"bundle.id": "170",
"bundle.name": "org.apache.camel.camel-core",
"bundle.version": "2.12.1",
"class.name": "org.apache.camel.impl.DefaultCamelContext",
"file.name": "DefaultCamelContext.java",
"host.name": "sopera",
"line.number": "2183",
"logger.name": "org.apache.camel.blueprint.BlueprintCamelContext",
"method.name": "doStartOrResumeRouteConsumers",
"process.id": "6468"
},
"logTimestamp": "2013-11-13T09:13:58.123+0000",
"agentId": "agent1",
"agentTimestamp": "2013-11-13T09:13:58.131+0000",
"serverTimestamp": "2013-11-13T09:14:59.186+0000",
"audit": false,
"customInfo": {
"activemq.broker": "eventloggingbroker"
}
},
{
"eventUUID": "f75ae2a7-6cbc-4213-946a-a43cb62d7f70",
"category": "system",
"eventType": "LOGEvent",
"severity": "WARN",
"logMessage": "Can't find the the request for https://localhost:9001/servi
ces/XacmlRegistryAtom's Observer ",
"logSource": {
"bundle.id": "130",
"bundle.name": "org.apache.cxf.cxf-rt-transports-http",
"bundle.version": "2.7.7",
"class.name": "org.apache.cxf.transport.servlet.ServletController",
"file.name": "ServletController.java",
"host.name": "sopera",
"line.number": "175",
"logger.name": "org.apache.cxf.transport.servlet.ServletController",
"method.name": "invoke",
"process.id": "6468"
},
"logTimestamp": "2013-11-13T09:17:55.894+0000",
"agentId": "agent1",
"agentTimestamp": "2013-11-13T09:17:55.896+0000",
"serverTimestamp": "2013-11-13T09:18:56.473+0000",
"audit": false,
"customInfo": {}
}
]