The Aria Operations API gets most of the attention, but Aria Operations for Logs has a rich API surface as well, let's explore.
First, your Logs API can be found at https://operations_for_logs_here/rest-api. It's a rich Swagger UI with several examples, which was introduced in 8.18 and documented by the Release Notes.
First thing I noticed, is that when you attempt to authenticate via the Authorize button, you're prompted for a sessionId retrieved from /api/v2/sessions. For reference, some people call sessionIds Bearer Tokens, so keep that in mind when researching. For the sake of consistency, I'll call them sessionIds.
So, let's go get this sessionId via POST /api/v2/sessions. The example looks like this.
Let's provide our local credentials and get a sessionId in return.
The sessionId in the Response Body is what we need. Go back up to Authorize and past the sessionId then Close.
Now that we've authenticated we can run commands against API endpoints via the UI.
You'll notice that the default TTL is 1800 seconds (30m) and can't be changed/requested via the POST /api/v2/session request, but rather it can be changed here: https://aria_operations_for_logs_here/internal/config.
After saving the change, I'll request another sessionId and here's what I get.
To get a sessionId via an API tool like Postman, it would start like this:
Notice the POST against https://10.167.244.233:9543/api/v2/sessions which I created based on the endpoint I was hitting in the Swagger UI. Then take the default Params and No Auth for Authorization.
Take the default Headers, but adjust your Body to be similar to your Swagger based Body.
Click Send and you'll get your sessionId.
You can now use this sessionId for subsequent calls, like this.
We can do other cool things like inject log messages via API as well, here's how to do it via Swagger.
Looks like this on the Aria Operations for Logs UI.
You can do the same via POSTMAN, using your sessionID as your Bearer Token in the Authorization tab and the following in your Body.
Once sent, it looks like this.
Aria Operations for Logs API is powerful, use it!
What I'd love in the API is a way to check which hosts are being seen and how long ago the lost log message from that host is. This helps me in seeing if we're still monitoring all hosts correctly.