Reducing the scope of a query for log data and formatting the output

You can specify some parameters on fetch requests to reduce the scope of the query and to define the formatting of the output.

You can set these parameters to reduce the scope of the query:

Parameter Description

"type"
    Specifies whether to search stored or current log entries.
      • "stored" — Searches stored log entries.
      • "current" — Searches current log entries.
    The default is "stored".

"start_ms":NUMBER
"end_ms":NUMBER
    Restricts the search to a specific time frame.
      • "start_ms":NUMBER specifies the start of the time frame. The default is 0 (unspecified).
      • "end_ms":NUMBER specifies the end of the time frame. The default is 0 (unspecified).

"filter"
    Adds a filter to the query to narrow down the log entries that the fetch command returns.

You can optionally set several parameters on the same fetch request:

Parameter Description

"backwards":BOOLEAN
    Specifies the direction of the search.
      • "true" — The search starts from the most recent log entries and searches backwards.
      • "false" — The search starts from the oldest log entries and searches forwards.
    The default is "true".

"quantity":NUMBER
    Specifies the number of log entries to fetch.
    The default is 0 (unspecified), which fetches all log entries.

"start_record":RECORD_ID
    Specifies the string ID of the log entry from which to start the search.

"start_inclusive":BOOLEAN
    Specifies whether to include the log entry specified in the "start_record" parameter in the search.
    The default value is false (the specified log entry is not included in the search).

You can optionally set the value of the "format" parameter to specify the output format. If you do not specify a "format" type, the fetched records are sent in the "string" format.

Value Description

"string"
    The output shows a string ID (log key) for the record. The string ID consists of a time stamp, a component identifier, and an event identifier, each separated by a forward slash (/).
    {"format":{"type":"string"}}

"detailed"
    The output shows the key values that represent the log fields for each record, but also includes a resolving map that allows you to look up the raw value of a field to obtain its resolved value.
    {"format":{"type":"detailed"}}

"raw"
    The output is shown as a set of key values that represent the log fields for each record, and the unresolved data for each log field.
    {"format":{"type":"raw"}}

You can retrieve the full syntax for formatting using the following request:

GET http://[server]:[port]/[version]/monitoring/log/schemas
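
The following is an added example, not part of the product documentation: a Python helper that validates the parameters described above and assembles a fetch request for a bounded time window. The function names, the grouping of parameters under "query" and "fetch", and the reading of the *_ms values as milliseconds since the Unix epoch are assumptions; confirm them against the schema returned by the request above.

```python
import json
from datetime import datetime, timezone

# Allowed values, taken from the parameter tables on this page.
QUERY_TYPES = ("stored", "current")
FORMAT_TYPES = ("string", "detailed", "raw")

def to_ms(dt):
    """Assumption: *_ms values are milliseconds since the Unix epoch (UTC)."""
    return int(dt.replace(tzinfo=timezone.utc).timestamp() * 1000)

def build_fetch_request(query_type="stored", start_ms=0, end_ms=0,
                        log_filter=None, backwards=True, quantity=0,
                        start_record=None, start_inclusive=False,
                        format_type="string"):
    """Validate the documented parameters and return the request as a dict.

    Assumption: scope parameters sit under "query" and fetch options under
    "fetch"; the page itself only shows the {"format": {"type": ...}} shape.
    Defaults mirror the defaults stated in the tables.
    """
    if query_type not in QUERY_TYPES:
        raise ValueError(f"type must be one of {QUERY_TYPES}")
    if format_type not in FORMAT_TYPES:
        raise ValueError(f"format type must be one of {FORMAT_TYPES}")
    if start_ms < 0 or end_ms < 0 or quantity < 0:
        raise ValueError("start_ms, end_ms and quantity must be >= 0")
    if start_ms and end_ms and start_ms > end_ms:
        raise ValueError("start_ms is later than end_ms")
    if start_inclusive and start_record is None:
        raise ValueError("start_inclusive has no effect without start_record")
    query = {"type": query_type, "start_ms": start_ms, "end_ms": end_ms}
    if log_filter is not None:
        query["filter"] = log_filter
    fetch = {"backwards": backwards, "quantity": quantity}
    if start_record is not None:
        fetch.update(start_record=start_record, start_inclusive=start_inclusive)
    return {"query": query, "fetch": fetch, "format": {"type": format_type}}

def demo_request():
    """Constructed one-hour window, read oldest-first, capped at 500 records."""
    start = to_ms(datetime(2024, 1, 1, 0, 0, 0))
    end = to_ms(datetime(2024, 1, 1, 1, 0, 0))
    return build_fetch_request(start_ms=start, end_ms=end, backwards=False,
                               quantity=500, format_type="detailed")

if __name__ == "__main__":
    print(json.dumps(demo_request(), indent=2))
```

Setting both a time window and a non-zero "quantity" keeps a stored-log query bounded, since the default quantity of 0 fetches all log entries.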