Event Logging Service API - 7.3

Talend ESB Infrastructure Services Configuration Guide
Version
7.3
Language
English
Product
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Design and Development
Installation and Upgrade
Last publication date
2023-12-26
Deprecated

Resource and URI:

This section describes the Event Logging REST Service resources and URI. The base URI for the service will be:

http://{hostname}:{port}/services/eventlogging/

GET /

Resource to check if Event Logging REST Service is online. On success, it will return an HTTP code 200.

Example request:

GET   http://{hostname}:{port}/services/eventlogging/

GET /events/{eventUUID}

It returns an event with the given uuid.

Example request:

GET http://{hostname}:{port}/services/eventlogging/events/fe5338b4-fc8a-451
e-9d28-33c73cd1d828

Request Body:

{
"eventUUID": "392c775b-8072-45b2-bf6b-fa1ffb1ffc6c",
  "category": "system",
  "eventType": "LOGEvent",
  "severity": "INFO",
  "logMessage": "Total 3 routes, of which 3 is started.",
  "logSource": {
    "bundle.id": "170",
    "bundle.name": "org.apache.camel.camel-core",
    "bundle.version": "2.12.1",
    "class.name": "org.apache.camel.impl.DefaultCamelContext",
    "file.name": "DefaultCamelContext.java",
    "host.name": "sopera",
    "line.number": "1533",
    "logger.name": "org.apache.camel.blueprint.BlueprintCamelContext",
    "method.name": "start",
    "process.id": "6468"
  },
  "logTimestamp": "2013-11-13T09:13:58.126+0000",
  "agentId": "agent1",
  "agentTimestamp": "2013-11-13T09:13:58.134+0000",
  "serverTimestamp": "2013-11-13T09:14:59.187+0000",
  "audit": false,
  "customInfo": {
    "activemq.broker": "eventloggingbroker"
  }
}

GET /events/{eventUUID}/signature

If not empty, this request returns a signedlogmessage event attribute content for the event with the given uuid (response content-type: application/xml). If empty, you will get a 204 No content HTTP response.

Example request:

GET   http://{hostname}:{port}/services/eventlogging/events/149edf25-7f94-4
90a-bc07-4fcb860cb9fe/signature

GET /events?

It returns a collection of relevant events matching a specified search query. The search query supports FIQL (Feed Item Query Language) syntax for simple data types. FIQL provides a way to express complex search expressions using an intuitive and URI friendly language.

Currently, only the following FIQL operators are supported:

Operator Description
Operator Description
“==” Equal
“;” AND
“,” OR
"=lt=" Less Than
"=le=" Less or Equal
"=gt=" Greater Than
"=ge=" Greater or Equal

Search parameters:

category

optional

Specifies the category of the event to be searched.

Example value: security

severity

optional

Specifies the severity of the event to be searched.

Example value: fatal

eventtype

optional

Specifies the type of the event to be searched.

Example values: LOGEvent, OSGiEvent, SAMEvent.

correlationid

optional

Specifies the correlation ID of the event to be searched.

Example value: 21760804-4961

subject

optional

Specifies the subject associated with the event to be searched.

Example value: Alice

agentid

optional

Specifies the agent ID which is associated with the event.

Example value: Agent3455

agenttimestamp

optional

Returns all the events matching the given agent timestamp. Date should be formatted as UTC time format: YYYY-MM-DDThh:mm:ss.sTZD.

Example value: 2013-10-10T12:22:06.060+0000

servertimestamp

optional

Returns all the events matching the given server timestamp. Date should be formatted as UTC time format: YYYY-MM-DDThh:mm:ss.sTZD.

Example value: 2013-10-10T12:22:06.060+0000

audit

optional

Specified to return the events needs to be audited or not be audited.

Example value: true/false

auditsequenceno

optional

Specifies the auditsequenceno of the event to be searched.

Example value: 1234

Examples of search query:

  • /events?_s=category==security;severity==ERROR

    The above search query will return all the events of the security category and ERROR severity.

  • /events?_s=category==security;(severity==ERROR,severity==WARN)

    The above search query will return all the events of the security category and with either ERROR or WARN severity.

  • /events?_s=category==system;agenttimestamp=ge=2013-10-10
T12:22:06.060+0000;agenttimestamp=le=2013-10-10T12:22:06.076+0000

    The above search query will return all the events of the system category and the agenttimestamp greater than or equal to 2013-10-10T12:22:06.060+0000 and less than or equal to 2013-10-10T12:22:06.076+0000.

    Note: FIQL queries must be URL encoded. This means, in particular, that if you are using FIQL with a Web browser, use "%2B" instead of "+" in date format.

    For example: 2013-10-10T12:22:06.060%2B0000

It is also possible to search on complexe log event data types like logSource and customInfo. However, only the equal "=" operations are supported for complex data types.

The following syntax can be used to define a filter for a complex event data type:

  • logsource.<key>=<value>

  • custominfo.<key>=<value>

Examples of complex data type search query:

  • /events?logsource.host.name=myserver

    The above search query will return all the events from a computer with the hostname "myserver".

  • /events?custominfo.mykey=myValue&logsource.file.name=LogEventHigh.java

    The above search query will return all the events that contain a "mykey" parameter of value "myValue" in its customInfo field (MDC property) and come from the "LogEventHigh.java" file.

It is also possible to combine FIQL search queries for simple data types with search parameter for complex data types.

Examples of combined search query:

/events?logsource.bundle.name=myservice&_s=audit==true;auditsequenceno=gt=5

The above search query will return all audit events from a bundle named "myservice" where the auditsequenceno is greater than 5.

Controlling the response

The response of the search query can be controlled with the following parameters:

limit

optional

Limits the result set to the first "n" number of rows (always ordered by agenttimestamp descending).

Example value: 100

include_logmessage

optional

Specifies if the log message needs to be included in the returned result of events.

Example value: true/false

include_signedlogmessage

optional

Specifies if the signed log message needs to be included in the returned result of events.

Example value: true/false

include_logsource

optional

Specifies if the log source needs to be included in the returned result of events.

Example value: true/false

include_custominfo

optional

Specifies if the custom info properties needs to be included in the returned result of events.

Example value: true/false

include_all

optional

Specifies if all extra properties of th event described by the above mentioned include_* parameters needs to be included in the returned result of events.

Example value: true/false

Example Request:

GET /events?_s=category==system&count=2&includecustominfo=true

Request Body:

{
  "events": [
    {
	  "eventUUID": "ad082036-a873-49dd-8fd8-f5f75a1a6763",
	  "category": "system",
	  "eventType": "LOGEvent",
	  "severity": "INFO",
	  "logMessage": "Route: route32 started and consuming from: Endpoint[paxlo
gging://eventloglisteneraudit]",
	  "logSource": {
		"bundle.id": "170",
		"bundle.name": "org.apache.camel.camel-core",
		"bundle.version": "2.12.1",
		"class.name": "org.apache.camel.impl.DefaultCamelContext",
		"file.name": "DefaultCamelContext.java",
		"host.name": "sopera",
		"line.number": "2183",
		"logger.name": "org.apache.camel.blueprint.BlueprintCamelContext",
		"method.name": "doStartOrResumeRouteConsumers",
		"process.id": "6468"
	  },
	  "logTimestamp": "2013-11-13T09:13:58.123+0000",
	  "agentId": "agent1",
	  "agentTimestamp": "2013-11-13T09:13:58.131+0000",
	  "serverTimestamp": "2013-11-13T09:14:59.186+0000",
	  "audit": false,
	  "customInfo": {
		"activemq.broker": "eventloggingbroker"
	  }
    },
    {
	  "eventUUID": "f75ae2a7-6cbc-4213-946a-a43cb62d7f70",
	  "category": "system",
	  "eventType": "LOGEvent",
	  "severity": "WARN",
	  "logMessage": "Can't find the the request for https://localhost:9001/ser
vices/XacmlRegistryAtom's Observer ",
	  "logSource": {
		"bundle.id": "130",
		"bundle.name": "org.apache.cxf.cxf-rt-transports-http",
		"bundle.version": "2.7.7",
		"class.name": "org.apache.cxf.transport.servlet.ServletController",
		"file.name": "ServletController.java",
		"host.name": "sopera",
		"line.number": "175",
		"logger.name": "org.apache.cxf.transport.servlet.ServletController",
		"method.name": "invoke",
		"process.id": "6468"
	  },
	  "logTimestamp": "2013-11-13T09:17:55.894+0000",
	  "agentId": "agent1",
	  "agentTimestamp": "2013-11-13T09:17:55.896+0000",
	  "serverTimestamp": "2013-11-13T09:18:56.473+0000",
	  "audit": false,
	  "customInfo": {}
    }
  ],
  "searchMetadata": {
    "count": 2,
    "totalCount": 83
  }
}

POST /events

Adds a single or a collection of events to the Event Logging backend. On success, the resource invocation will result into HTTP code 204.

Parameters

The following attributes in the event/events object should not be empty. The other attributes defined in the event structure above can be empty.

Attribute Name
id
category
agenttimestamp
agentid

auditsequenceno (required in case if it is an audit event)

Example request:

POST    http://{hostname}:{port}/services/eventlogging/events/Content-Type: 
application/json

Request Body:

[
  {
	"eventUUID": "ad082036-a873-49dd-8fd8-f5f75a1a6763",
	"category": "system",
	"eventType": "LOGEvent",
	"severity": "INFO",
	"logMessage": "Route: route32 started and consuming from: Endpoint[paxlogg
ing://eventloglisteneraudit]",
	"logSource": {
      "bundle.id": "170",
	  "bundle.name": "org.apache.camel.camel-core",
	  "bundle.version": "2.12.1",
	  "class.name": "org.apache.camel.impl.DefaultCamelContext",
	  "file.name": "DefaultCamelContext.java",
	  "host.name": "sopera",
	  "line.number": "2183",
	  "logger.name": "org.apache.camel.blueprint.BlueprintCamelContext",
	  "method.name": "doStartOrResumeRouteConsumers",
	  "process.id": "6468"
    },
    "logTimestamp": "2013-11-13T09:13:58.123+0000",
    "agentId": "agent1",
    "agentTimestamp": "2013-11-13T09:13:58.131+0000",
    "serverTimestamp": "2013-11-13T09:14:59.186+0000",
    "audit": false,
    "customInfo": {
	"activemq.broker": "eventloggingbroker"
    }
  },
  {
	"eventUUID": "f75ae2a7-6cbc-4213-946a-a43cb62d7f70",
	"category": "system",
	"eventType": "LOGEvent",
	"severity": "WARN",
	"logMessage": "Can't find the the request for https://localhost:9001/servi
ces/XacmlRegistryAtom's Observer ",
	"logSource": {
	  "bundle.id": "130",
	  "bundle.name": "org.apache.cxf.cxf-rt-transports-http",
	  "bundle.version": "2.7.7",
	  "class.name": "org.apache.cxf.transport.servlet.ServletController",
	  "file.name": "ServletController.java",
	  "host.name": "sopera",
	  "line.number": "175",
	  "logger.name": "org.apache.cxf.transport.servlet.ServletController",
	  "method.name": "invoke",
	  "process.id": "6468"
	},
	"logTimestamp": "2013-11-13T09:17:55.894+0000",
	"agentId": "agent1",
	"agentTimestamp": "2013-11-13T09:17:55.896+0000",
	"serverTimestamp": "2013-11-13T09:18:56.473+0000",
	"audit": false,
	"customInfo": {}
  }
]