Log collection endpoints in the REST API


You can collect logs in BMC Helix Log Analytics and analyze them by searching, mapping, and using other functions.

The following video (4:47) explains the process of collecting logs by using the REST API:

Watch the YouTube video about the process of collecting logs by using REST API in BMC Helix Log Analytics.

POST

Collect logs
Request URL
https://<Your BMC Helix Portal URL>/log-service/api/v1.0/logs
Example request URL
https://HostA.bmc.com/log-service/api/v1.0/logs
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token> OR apiKey <API key>  
Request body
{
valid JSON to ingest logs
}
Example - request body
[{
  "input": {
    "type": "log"
  },
  "auth": "-",
  "@timestamp": "2020-08-12T13:36:09.947Z",
  "agent": {
    "type": "filebeat",
    "id": "e2043b6b-03b4-45a8-8122-a5bf7da71b4e",
    "hostname": "host name",
    "ephemeral_id": "46c17863-3ae5-4d30-99fb-8d92706a0119",
    "version": "7.7.1"
  },
  "ident": "-",
  "httpversion": "1.1",
  "@version": "1",
  "request": "/",
  "bytes": "590",
  "response": "401",
  "ecs": {
    "version": "1.5.0"
  },
  "tags": ["beats_input_codec_plain_applied"],
  "log": {
    "offset": 0,
    "file": {
      "path": "<file path>"
    }
  },
  "verb": "GET",
  "host": {
    "os": {
      "family": "windows",
      "version": "10.0",
      "platform": "windows",
      "build": "14393.3750",
      "kernel": "10.0.14393.3750 (rs1_release.200601-1853)",
      "name": "Windows Server 2016 Standard"
    },
    "mac": ["00:50:56:8f:32:8c", "00:00:00:00:00:00:00:e0", "00:00:00:00:00:00:00:e0"],
    "id": "317c191e-b88f-4e58-844d-e0158dce6d6a",
    "name": "host name",
    "architecture": "x86_64",
    "ip": ["fe80::85b5:401b:ae4d:9fcc", "<IP address>", "fe80::5efe:a85:b236", "2001:0:348b:fb58:c57:ec66:3f0a:5ddb", "fe80::c57:ec66:3f0a:5ddb"],
    "hostname": "host name"
  },
  "message": "[29/Jul/2020:17:06:03 +0530] \"GET / HTTP/1.1\" 401 590"
}]

Successful response

All records are accepted and queued to move to Elasticsearch.

Unsuccessful responses

Scenario 1: No records ingested

  • Check the URL and API key in the http plugin.
  • Check that the index pattern exists. If it does not, create a new index pattern and ensure that its name starts with the following pattern: log-xx_r14_v1*. The value of xx is available in the name suggestions.

Scenario 2: Unable to log on to BMC Helix Log Analytics

Contact BMC Support.

Scenario 3: Unable to add filters by using fields

If you see the '?' sign in place of the data type icon of a field, refresh the field list on the index pattern page (Management > Index pattern > index pattern name).


Response codes

| Code | Message | Description |
|------|---------|-------------|
| 200 | Queued | All records are accepted and queued to move to Elasticsearch. |
| 206 | Partially queued | Some records are queued. Contact BMC Support. |
| 401 | Authentication has failed | Verify the API key and tenant registration. |
| 413 | Data validation failed for all records. | All records have more than 200 fields. |
| 422 | You have reached the maximum limit to store log data in a day in your trial environment. To get license, contact BMC Support. Or: You have reached the maximum limit to store log data in a day. To increase the limit, contact BMC Support. | Log limit has exceeded. |
| 500 | Unable to connect to server. | All log records are not accepted. |


Log enrichment

You can enrich logs with the host or service name that caused service degradation. To enrich with the host name, use the log_source_host field, which provides information about the data source where the logs originated. For logs ingested from third-party sources through REST APIs, manually add information in the log_source_host field in the log records.
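A sender-side sketch for the endpoint, headers, 200-field limit and log_source_host enrichment described on this page; it is an added example, not BMC code. The leaf-counting rule for fields, the https check, the action names returned by next_step and the sample records are assumptions.

```python
import json
import urllib.request
from urllib.parse import urlsplit

MAX_FIELDS = 200  # from the 413 row: records with more than 200 fields fail validation

SAMPLE_RECORDS = [  # constructed sample input, not real log data
    {"@timestamp": "2020-08-12T13:36:09.947Z", "verb": "GET", "response": "401",
     "host": {"name": "host name", "os": {"family": "windows"}}},
    {"f%d" % i: i for i in range(201)},  # 201 fields: over the limit
]

def count_fields(value):
    """Count leaf fields of a nested record (assumed counting rule)."""
    if isinstance(value, dict):
        return sum(count_fields(v) for v in value.values())
    return 1

def prepare_batch(records, source_host):
    """Add log_source_host where missing; split off records over the field limit."""
    ready, rejected = [], []
    for rec in records:
        rec = dict(rec)  # shallow copy so the caller's records are not modified
        rec.setdefault("log_source_host", source_host)
        (ready if count_fields(rec) <= MAX_FIELDS else rejected).append(rec)
    return ready, rejected

def build_request(portal_url, api_key, records):
    """Build (without sending) the POST to /log-service/api/v1.0/logs."""
    if urlsplit(portal_url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-https URL")
    return urllib.request.Request(
        portal_url.rstrip("/") + "/log-service/api/v1.0/logs",
        data=json.dumps(records).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": "apiKey " + api_key},
        method="POST",
    )

def next_step(status):
    """Map the documented response codes to a sender action (names are assumptions)."""
    return {200: "queued", 206: "partially-queued-contact-support",
            401: "verify-api-key-and-tenant", 413: "reduce-fields-per-record",
            422: "daily-limit-reached", 500: "not-accepted"}.get(status, "unexpected")

if __name__ == "__main__":
    ready, rejected = prepare_batch(SAMPLE_RECORDS, "web01.example.internal")
    req = build_request("https://HostA.bmc.com", "<API key>", ready)
    print(req.full_url, len(ready), "ready,", len(rejected), "held back")
```

Pass the request to urllib.request.urlopen to send it; urlopen raises urllib.error.HTTPError for 4xx and 5xx responses, so read the status from the exception's code attribute before calling next_step.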

 
