Support for /search endpoints

[gbolo]

This is an excellent project which captures most of the graylog API. While I understand that the goal here was to support API calls that would help configure the graylog instance (hence the terraform provider), wouldn't it be great if it also supported the /search endpoints so that it would be feature complete?

[suzuki-shunsuke]

Thank you for your feedback!
I agree.

I checked API by Graylog's API browser http://127.0.0.1:9000/api/api-browser .
It seems that there are some /search API.

• Enterprise/Search : Searching
• Search/Absolute : Message search
• Search/Decorators : Message search decorators
• Search/Keyword : Message search
• Search/Relative : Message search
• Search/Saved : Saved searches

Which API do you need?
I want to decide the priority.

I'm not familiar with some API, but I think it is good to support Search/Saved : Saved searches at first.

[suzuki-shunsuke]

📝

GET /search/savedGet a list of all saved searches

{
  "total": 1,
  "searches": [
    {
      "id": "5ddf10826df4af000ede1275",
      "title": "test",
      "query": {
        "rangeType": "relative",
        "streamId": "000000000000000000000001",
        "fields": "message,source",
        "relative": 300,
        "query": ""
      },
      "created_at": "2019-11-28T00:10:42.814Z",
      "creator_user_id": "admin"
    }
  ]
}

[gbolo]

Hi @suzuki-shunsuke
Thanks for your quick reply. I typically use GET /search/universal/relative. This is a very useful endpoint to retrive any logs that you are searching for. The saved search would be more suitable for your terraform provider though. If there is any way I can help you, please let me know.

Thanks again