Query

Runs a Logpresso query, waits for it to complete, and then retrieves the query results. For queries that take a long time, it is recommended to use the Create Cursor API as timeouts may occur depending on client settings. If you disconnect the HTTP connection, the query you were executing is immediately canceled.

HTTP Request

GET /api/sonar/query
Request using cURL
curl -H "Authorization: Bearer <API_KEY>" \
     "https://HOSTNAME/api/sonar/query?q=system+tables"
Request Parameters
KeyRequiredTypeDescriptionNote
qOStringLogpresso query string
offsetX64-bit integerNumber of records to skipMinimum 0. Default 0
limitX64-bit integerMaximum number of records to loadMinimum 0. If not specified, load all records
fieldsXStringList of output field namesComma-separated list
formatXStringOutput formatOne of the following: html, xml, csv, json.

Success Response

Below is an example response to a system tables | fields table query. If text/html is given in the Accept header, it will be output in HTML format. Otherwise, it will be output in newline-delimited JSON format.

{"table":"sonar_event_00001"}
{"table":"sonar_raw_event_00001"}

Error Responses

Missing query argument

HTTP status code 400

{
    "error_code": "null-argument",
    "error_msg": "q should be not null"
}
Invalid query

HTTP status code 400

{
    "error_code": "invalid-query",
    "error_msg": "(10200) missing-json-quotation"
}
offset or limit value is not an integer

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "offset should be long type."
}
offset or limit value is negative

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "offset should be non-negative integer."
}
Invalid format value

HTTP status code 400

{
    "error_code": "invalid-argument",
    "error_msg": "format should be html, xml, csv, or json."
}