I'm trying to get logs with context that are more than just "X iterations were found". From the previous question I posted, only email supports the macro for the actual logs.
So now I'm looking into what external API query options I have ...
Can I execute a saved query via the REST API? I found how to execute a custom on-demand query; however, I don't want to have to manage the queries in an external system.
Getting Alerts with Context out of Log Server
Re: Getting Alerts with Context out of Log Server
Hi
It sounds like it is possible, but not simple. Search for the saved query, and within the response will be searchSourceJSON. It is a JSON-encoded object from which you can use the index and query to then query Elasticsearch directly.
I have not tried this, so I do not know how much, if any, massaging of the returned data is required to create a query on-the-fly.
Thanks
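The approach in the reply above, worked through in Python as an added example (not code from the original thread or from the Log Server product). It assumes the Kibana-4-style saved-object layout, where a hit from the saved-object index carries `_source.kibanaSavedObjectMeta.searchSourceJSON` as a JSON string holding `index`, `query` and `filter`; the sample hit, the `logstash-*` index pattern, the `@timestamp` field and the sshd query are all constructed for the example. The block decodes that string, rebuilds an Elasticsearch `_search` body from it, adds the time window that a saved search does not carry, and turns the resulting hits into the per-event context lines the question is after.

```python
import json

# Constructed sample: one hit from searching the Kibana saved-object index for a
# saved search (assumed layout; the real response will at least carry these keys).
SAMPLE_HIT = {
    "_index": ".kibana",
    "_type": "search",
    "_id": "failed-logins",
    "_source": {
        "title": "failed-logins",
        "kibanaSavedObjectMeta": {
            # Note: this is a JSON *string* nested inside the JSON document.
            "searchSourceJSON": json.dumps({
                "index": "logstash-*",
                "query": {"query_string": {
                    "query": 'program:sshd AND message:"Failed password"',
                    "analyze_wildcard": True}},
                "filter": [{"term": {"host": "bastion01"}}],
            })
        },
    },
}


def extract_search_source(hit):
    """Decode searchSourceJSON and check it carries what we need to re-run it."""
    try:
        meta = hit["_source"]["kibanaSavedObjectMeta"]
        src = json.loads(meta["searchSourceJSON"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("hit does not carry a usable searchSourceJSON") from exc
    missing = [k for k in ("index", "query") if k not in src]
    if missing:
        raise ValueError("searchSourceJSON is missing: " + ", ".join(missing))
    return src


def build_es_request(hit, window="15m", size=50, time_field="@timestamp"):
    """Return (index_pattern, search_body) ready to POST to <index>/_search.

    The saved search stores the query and its filters but not a time range, so a
    range filter on time_field is appended; window uses Elasticsearch date math
    (e.g. "15m", "1h"). size caps how many context events are pulled per alert.
    """
    src = extract_search_source(hit)
    filters = list(src.get("filter", []))
    filters.append({"range": {time_field: {"gte": "now-" + window, "lte": "now"}}})
    body = {
        "size": size,
        "sort": [{time_field: {"order": "desc"}}],
        "query": {"bool": {"must": [src["query"]], "filter": filters}},
    }
    return src["index"], body


def context_lines(hits, fields=("@timestamp", "host", "message")):
    """Flatten _search hits into one line per event for an alert body."""
    lines = []
    for hit in hits:
        source = hit.get("_source", {})
        lines.append(" ".join(str(source.get(f, "-")) for f in fields))
    return lines


if __name__ == "__main__":
    index, body = build_es_request(SAMPLE_HIT, window="30m")
    print("POST /%s/_search" % index)
    print(json.dumps(body, indent=2))
    # Constructed hits, as they would come back in response["hits"]["hits"]:
    sample_hits = [
        {"_source": {"@timestamp": "2015-06-01T10:00:03Z", "host": "bastion01",
                     "message": "Failed password for root from 203.0.113.7 port 4022 ssh2"}},
        {"_source": {"@timestamp": "2015-06-01T10:00:01Z", "host": "bastion01",
                     "message": "Failed password for admin from 203.0.113.7 port 4019 ssh2"}},
    ]
    print("\n".join(context_lines(sample_hits)))
```

To use it for real, fetch the saved search from the Kibana index (for example `GET .kibana/search/_search?q=title:failed-logins`), pass the first hit to `build_es_request`, POST the body to `<index>/_search` on the Elasticsearch HTTP endpoint, and feed `response["hits"]["hits"]` to `context_lines`. The query string inside searchSourceJSON is whatever was typed into the saved search, so whoever can edit saved searches controls what your alerting script runs; restrict edit rights if the output ends up in an alert channel people act on.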