Queries that return data in the Sumo dashboard return empty array when invoked from the API

Follow

Hardeep Singh

• May 14, 2020 19:59

I am having issues with the queries made using the API endpoints. Even slightly elaborate queries that work in the Sumo dashboard don't return any data when invoked from the API

 

For example

The following query returns data in the dashboard 

_collector="okd-staging" jacob exec

But returns an empty array in API

curl -H "Authorization: Basic ...." -X GET https://api.us2.sumologic.com/api/v1/logs/search?q=_collector=%22okd-staging%22%20jacob%20exec&from=2020-05-13T17:35:12&to=2020-05-14T17:35:12&format=json

 

 

On the other hand the query without the exec returns data in the dashboard 

_collector="okd-staging" jacob

 

As well as the API

curl -H "Authorization: Basic ...." -X GET https://api.us2.sumologic.com/api/v1/logs/search?q=_collector=%22okd-staging%22%20jacob%20&from=2020-05-13T02:33:15&to=2020-05-14T02:33:15&format=json

0

• 

  Rick Jury

  • May 14, 2020 21:32

  Hi Hardeep,

  it's very hard to say what is happening here without access to your logs and account - for example you can get behaviour like this if you have RBAC roles and the key you are using has different access to the user.

  I'd suggest you log a support ticket https://support.sumologic.com/hc/en-us/requests/new - unless you are able to post more of the actual event data and other information here.

  0

  Comment actions Permalink
• 

  Hardeep Singh

  • May 14, 2020 22:31

  Hi Rick

  Thanks for your response. I found out the reason for the discrepancy. The time interval in the dashboard was 7 days while the time interval in the query was 1 day. Once I changed the timestamps I got the results back   

  0

  Comment actions Permalink

Please sign in to leave a comment.