Issues with query in the API
I am currently using python to call the Sumo Logic API.
I have successfully managed to get a basic query to work e.g
'"LPL" | parse "ClientId:*" as ClientId nodrop | fields -_raw'
However as I try to build this up and and some "AND"s to the query it stops working e.g
'"LPL" AND "ApiDomain:PublicApi" | parse "ClientId:*" as ClientId nodrop | fields -_raw'
Ultimately this is the query I want to run (which works in the sumo logic UI:
"LPL"
AND "\"ApiDomain\":\"PublicApi\",\"PublicAPI\":\"True\""
AND _source = "APC"
| parse "\"ClientId\":\"*\"" as ClientId nodrop
| parse "\"HttpMethod\":\"*\"," as HttpMethod nodrop
| parse "\"StatusCode\":\"*\"," as StatusCode
| parse "\"Url\":\"*\"," as api_url nodrop
| parse field=api_url "https://api.test.com/v1/*" as endpoint nodrop
| parse field=api_url "https://api.test.com/v1/*?" as endpoint nodrop
| parse "\"QueryString\":\"*\"," as QueryString nodrop
I am fairly new to this and I am hoping someone with more experience can shed some light on what I am doing wrong.
Thanks :)
-
Official comment
Gavin,
Any query that works in the UI should also work via the API. Are you getting an error? If so can you share that? It might help also if you share the python code, or at least the parts where you are creating the query and calling the API.
Regard,
Timothy MacDonald
Comment actions
Please sign in to leave a comment.
Comments
1 comment