Problems with API Query Format (I think)

Follow

Josh Lloyd

• July 01, 2022 22:50

I'm using a python based tool (Meltano/Singer) to extract data from the Sumologic API. In the UI this query works as expected:

_sourceCategory=spam-kubernetes/users/eggs-prod | where logger_name = "com.spam.eggs.conf.jaxrs.ApiLoggingFilter" | count by account_name,account_id,user_oauth_app,user_oauth_client

When I try to paste this query in a .yml file which subsequently gets translated to json in python I get this error:
  "status" : 400,
  "id" : "H0PEY-I29NO-66SV4",
  "code" : "searchjob.generic",
  "message" : "Generic error."

When I try to encode it like so:

_sourceCategory%3Dspam-kubernetes%2Fusers%2Feggs-prod%20%7C%20where%20logger_name%20%3D%20%22com.spam.eggs.conf.jaxrs.ApiLoggingFilter%22%20%7C%20count%20by%20account_name%2Caccount_id%2Cuser_oauth_app%2Cuser_oauth_client

and run it through the same method I get this error:
  "status" : 400,
  "id" : "PDHPN-GYHEK-HTG74",
  "code" : "searchjob.no.records.not.an.aggregation.query",
  "message" : "No records; query is not an aggregation"

0

• 

  Josh Lloyd

  • July 15, 2022 20:50

  it's been several weeks and I still don't have a solution. I have simplified the query however to some barebones that gives the same error using the API:

  _sourceCategory=spam-kubernetes/users/eggs-prod | count by account_id

  yet this query works:

  _sourceCategory=spam-kubernetes/users/eggs-prod | count by account_name

  0

  Comment actions Permalink

Please sign in to leave a comment.