An Application Programming Interface (API) key is a unique identifier. The API Key must be provided as X-BRONTO-API-KEY in headers for the request to be authenticated and authorized by the API server according to the API Key's role. For further information about roles visit [our API Key docs] https://docs.bronto.io/manage/manage-api-keys
Response samples
- 200
- 403
- 429
- 500
- default
{- "api_keys": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Production API Key",
- "created_at": 1710948395538,
- "api_key": "2ad85149",
- "roles": [
- "SearchApi",
- "IngestionApi"
], - "tags": {
- "region": "eu",
- "environment": "production"
}
}
]
}Create a new API key
Authorizations:
Request Body schema: application/jsonrequired
| name required | string [ 1 .. 255 ] characters The name of the API key to create |
| roles required | object A list of api key role ids |
Responses
Request samples
- Payload
{- "name": "Production API Key",
- "roles": [
- "IngestionApi"
]
}Response samples
- 201
- 400
- 403
- 429
- 500
- default
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Production API Key",
- "created_at": 1710948395538,
- "api_key": "2ad85149",
- "roles": [
- "SearchApi",
- "IngestionApi"
], - "tags": {
- "region": "eu",
- "environment": "production"
}
}Delete an API key
Authorizations:
path Parameters
| apiKeyId required | string <uuid> Example: 41521f35-1b06-41f0-9cdc-9a938b5739d1 The ID of the API key to delete |
Responses
Response samples
- 403
- 404
- 429
- 500
- default
{- "code": 200,
- "correlation_id": "string",
- "message": "string"
}Update an API key
Authorizations:
path Parameters
| apiKeyId required | string <uuid> Example: 41521f35-1b06-41f0-9cdc-9a938b5739d1 The ID of the API key to update |
Request Body schema: application/jsonrequired
| name | string [ 1 .. 255 ] characters The new name for the API key |
| roles | object A list of api key role ids |
Responses
Request samples
- Payload
{- "name": "Production API Key",
- "roles": [
- "IngestionApi"
]
}Response samples
- 403
- 404
- 429
- 500
- default
{- "code": 200,
- "correlation_id": "string",
- "message": "string"
}Context is a REST API resource that allows the retrieval of a specified number of log events (default of 100) around a log event of interest, e.g. when a number of log events were returned by a previous query and you then decide you want to see the 50 log events before one of those returned log events. Log events can be retrieved either before, after, or both before and after the specified log event.
Retrieve contextual information for a given sequence and log
Authorizations:
query Parameters
| from | string non-empty unique Example: from=550e8400-e29b-41d4-a716-446655440000&from=297bb888-83b1-44e0-8ab6-47879f1275a2 The ids of the logs to search.
One of either the |
| from_tags | string non-empty unique Example: from_tags=environment:production The tags to search. Each tag should be in the form |
| timestamp required | integer Example: timestamp=1709251200000 The timestamp for the event for which context is being retrieved |
| limit | integer [ 1 .. 6666 ] Default: 100 Example: limit=50 The maximum number of events that an event search should return. In a query with a group by, it limits the number of groups returned. It does not affect a statistical search using aggregate functions. |
| from_sequence | integer Example: from_sequence=111721913 The starting sequence for which to query data. This is more granular than a timestamp but also requires a |
| direction | string Enum: "both" "after" "before" Example: direction=both Enum to indicate if results before or after should be retrieved. |
Responses
Response samples
- 200
- 400
- 429
- 500
- default
{- "explain": {
- "Execution time (millis)": "353"
}, - "result": [
- {
- "@time": "2024-03-27 10:25:40.632 UTC",
- "@sequence": "111721913",
- "@raw": "10.0.0.1 - - [27/Mar/2024:10:54:39 +0000] \"GET / HTTP/1.1\" 200 721 \"-\" \"ELB-HealthChecker/2.0\"",
- "metadata": {
- "logId": "d2062bfa-97e3-46e4-80bf-86fffbf5d060",
- "timestamp": 1711535140632,
- "sequence": 111721913,
- "origin": "10.0.0.1",
- "selectedKeys": {
- "@time": "2024-03-27 10:25:40.632 UTC"
}, - "unselectedKeys": {
- "id": "message_0",
- "current_time": 1711535140
}
}, - "links": [
]
}
],
}The Bronto Export API allows you to efficiently download large volumes of log data for further analysis. The data to be exported can be filtered by entering the search parameters "from", "where" and "time_range" as per a normal query in the "search_details" object.
To export data the following steps are required:
- Create an export using a POST request, which will return an "export_id", "status" and "progress".
- Use the export id to get the status of the export task by sending a GET request, which will return "status" and "progress" with a value of percentage completed. When the export is completed, the "status" will be "COMPLETE"
- Once the export task has completed you can download your data using curl (or similar) from the "location" URL returned in the GET response.
Response samples
- 200
- default
{- "exports": [
- {
- "export_id": "string",
- "org_id": "string",
- "progress": 0,
- "status": "CREATED",
- "bytes": 0,
- "events": 0,
- "location": "string",
- "search_details": {
- "from": "550e8400-e29b-41d4-a716-446655440000:297bb888-83b1-44e0-8ab6-47879f1275a2",
- "time_range": "Last 3 weeks",
- "timeRange": "Last 3 weeks",
- "fromTs": 1709251200000,
- "from_ts": 1709251200000,
- "toTs": 1711390455601,
- "to_ts": 1711390455601,
- "where": "ip=10.0.0.1"
}, - "created_at": 0,
- "modified_at": 0
}
]
}Create a new export
Authorizations:
Request Body schema: application/jsonrequired
required | object or object or object or object (ExportDetails) | ||||||||||||||||
One of
| |||||||||||||||||
Responses
Request samples
- Payload
{- "search_details": {
- "from": "550e8400-e29b-41d4-a716-446655440000:297bb888-83b1-44e0-8ab6-47879f1275a2",
- "time_range": "Last 3 weeks",
- "timeRange": "Last 3 weeks",
- "fromTs": 1709251200000,
- "from_ts": 1709251200000,
- "toTs": 1711390455601,
- "to_ts": 1711390455601,
- "where": "ip=10.0.0.1"
}
}Response samples
- 201
- 400
- default
{- "export_id": "string",
- "org_id": "string",
- "progress": 0,
- "status": "CREATED",
- "bytes": 0,
- "events": 0,
- "location": "string",
- "search_details": {
- "from": "550e8400-e29b-41d4-a716-446655440000:297bb888-83b1-44e0-8ab6-47879f1275a2",
- "time_range": "Last 3 weeks",
- "timeRange": "Last 3 weeks",
- "fromTs": 1709251200000,
- "from_ts": 1709251200000,
- "toTs": 1711390455601,
- "to_ts": 1711390455601,
- "where": "ip=10.0.0.1"
}, - "created_at": 0,
- "modified_at": 0
}Retrieve an export by ID
Authorizations:
path Parameters
| exportId required | string <uuid> The unique identifier of the export to retrieve |
Responses
Response samples
- 200
- 404
- default
{- "export_id": "string",
- "org_id": "string",
- "progress": 0,
- "status": "CREATED",
- "bytes": 0,
- "events": 0,
- "location": "string",
- "search_details": {
- "from": "550e8400-e29b-41d4-a716-446655440000:297bb888-83b1-44e0-8ab6-47879f1275a2",
- "time_range": "Last 3 weeks",
- "timeRange": "Last 3 weeks",
- "fromTs": 1709251200000,
- "from_ts": 1709251200000,
- "toTs": 1711390455601,
- "to_ts": 1711390455601,
- "where": "ip=10.0.0.1"
}, - "created_at": 0,
- "modified_at": 0
}Logs are a sequence of timestamped log events. Logs can be searched to view events matching a filter or to perform statistical functions on matching events.
Response samples
- 200
- 429
- 500
- default
{- "logs": [
- {
- "logset": "demo",
- "log": "firewall",
- "log_id": "14b5977f-7a80-40ca-bb79-eca6c2abdb34",
- "is_system_generated": false,
- "tags": {
- "region": "eu",
- "environment": "production"
}, - "drop_events": 0,
- "level": "trace"
}
]
}Create a new log
Authorizations:
Request Body schema: application/jsonrequired
| logset | string <= 255 characters The name of the log set |
| log required | string [ 1 .. 255 ] characters The name of the log |
Responses
Request samples
- Payload
{- "logset": "demo",
- "log": "http"
}Response samples
- 201
- 400
- 429
- 500
- default
{- "logset": "demo",
- "log": "firewall",
- "log_id": "14b5977f-7a80-40ca-bb79-eca6c2abdb34",
- "is_system_generated": false,
- "tags": {
- "region": "eu",
- "environment": "production"
}, - "drop_events": 0,
- "level": "trace"
}The REST API for searching data uses queries based on a subset of SQL, with the syntax as per https://docs.brontobytes.io/core-features/log-search/query-syntax/.
There are two types of search:
- event search: allows you to specify a filter and view the matching events returned in the response. The response will be paginated if more than 50 matching events are returned.
- statistical search: allows you to analyse events using a range of aggregate functions, such as count(), which return a number.
Execute a query
The REST API for searching data uses queries based on a subset of SQL, with the syntax as per https://docs.brontobytes.io/core-features/log-search/query-syntax/.
There are two types of search:
- event search: allows you to specify a filter and view the matching events returned in the response. The response will be paginated if more than 50 matching events are returned.
- statistical search: allows you to analyse events using a range of aggregate functions, such as count(), which return a number.
Authorizations:
query Parameters
| from | string non-empty unique Example: from=550e8400-e29b-41d4-a716-446655440000&from=297bb888-83b1-44e0-8ab6-47879f1275a2 The ids of the logs to search.
One of either the |
| from_tags | string non-empty unique Example: from_tags=environment:production The tags to search. Each tag should be in the form |
| time_range | string Examples:
The relative time range for which to query data. Time range supported is from milliseconds to years. For an exact range, use |
| from_ts | integer Example: from_ts=1709251200000 The starting time (unix time in milliseconds) for which to query data. Must be used together with |
| to_ts | integer Example: to_ts=1711390455601 The ending time (unix time in milliseconds) for which to query data. Must be used together with |
| where | string Examples:
The where parameter is used to filter the results of your query. See https://docs.bronto.io/core-features/log-search/query-syntax for more details The filter can combine multiple terms using AND, OR, NOT. |
| select | string Example: select=message The select parameter selects values of one or more specified keys and can be considered to be equivalent to returning columns from a table. It can select keys either by name, e.g. query params with select=ip_address or with an aggregate function (count, max, min, avg, sum) on the values of the specified key, e.g. query params with select=count(ip_address). Multiple selects can be used and they would separated by & in the query param, e.g. &select=count(ip_address)&select=count(hostname). The following internal columns are always available: @time, @origin & @raw |
| groups | string Example: groups=user&groups=ip The groups parameter specifies a key to use to arrange the results returned by an aggregate function, (such as count, max, min, avg, sum) into groups of values. The aggregate function returns a single value for each group. Multiple groups can be specified in the request if separated by &, e.g. query params with &groups=customer_id or &groups=customer_id&groups=hostname. |
| limit | integer [ 1 .. 6666 ] Default: 100 Example: limit=50 The maximum number of events that an event search should return. In a query with a group by, it limits the number of groups returned. It does not affect a statistical search using aggregate functions. |
| num_of_slices | integer Default: 10 Example: num_of_slices=50 The number of buckets to break the time series results up into. |
| from_sequence | integer Example: from_sequence=111721913 The starting sequence for which to query data. This is more granular than a timestamp but also requires a |
| most_recent_first | boolean Example: most_recent_first=true Flag to indicate order in which results should be returned. |
Responses
Response samples
- 200
- 400
- 429
- 500
- default
{- "explain": {
- "Execution time (millis)": "353"
}, - "result": [
- {
- "@time": "2024-03-27 10:25:40.632 UTC",
- "@sequence": "111721913",
- "@raw": "10.0.0.1 - - [27/Mar/2024:10:54:39 +0000] \"GET / HTTP/1.1\" 200 721 \"-\" \"ELB-HealthChecker/2.0\"",
- "metadata": {
- "logId": "d2062bfa-97e3-46e4-80bf-86fffbf5d060",
- "timestamp": 1711535140632,
- "sequence": 111721913,
- "origin": "10.0.0.1",
- "selectedKeys": {
- "@time": "2024-03-27 10:25:40.632 UTC"
}, - "unselectedKeys": {
- "id": "message_0",
- "current_time": 1711535140
}
}, - "links": [
]
}
], - "events": [
- {
- "@raw": "10.0.108.203 - - [27/May/2024:23:47:27 +0000] \"GET / HTTP/1.1\" 200 675 \"-\" \"ELB-HealthChecker/2.0\"",
- "@time": "2024-05-27 23:26:34.331 UTC",
- "message_kvs": {
- "method": "GET",
- "statusCode": "200",
- "path": "/"
}, - "attributes": {
- "$private_ip": "10.0.22.230",
- "$environment": "production"
}, - "metadata": {
- "service_id": "23746675-7022-4985-bd74-4af9eba58d72",
- "timestamp": 1716853347801,
- "sequence": 111721913,
- "context": "\"https://api.eu.bronto.io/context?sequence=213&from=37bdf479-7c95-4e81-982a-25d0680fb602×tamp=1716853354331&direction=both\"\n"
}, - "links": [
]
}
], - "groups": [
- {
- "group": "[US]",
- "count": 124,
- "stat": "average(bytes)",
- "value": 50325.25,
- "timeseries": [
- {
- "@timestamp": "1711535140632",
- "count": 40,
- "value": 35.625,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}
}
]
}
], - "groups_series": [
- {
- "name": "host123",
- "count": 124,
- "stat": "average(duration_millis)",
- "value": 50325.25,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}, - "series_resolution_ms": 60000,
- "timeseries": [
- {
- "@timestamp": "1711535140632",
- "count": 40,
- "value": 35.625,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}
}
], - "groups_series": [
- {
- "name": "host123",
- "count": 124,
- "stat": "average(duration_millis)",
- "value": 50325.25,
- "series_resolution_ms": 60000,
- "timeseries": [
- {
- "@timestamp": "1711535140632",
- "count": 40,
- "value": 35.625,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}
}
]
}
]
}
], - "metadata": {
- "select": [
- "host",
- "status",
- "method"
], - "correlation_id": "00000000-0000-0000-0000-000000000000"
}, - "totals": { },
}Top-Keys is a REST API resource that allows you to easily retrieve the top keys for a specific log.
Get the top keys for a specific log id
Authorizations:
query Parameters
| log_id | string <uuid> Example: log_id=550e8400-e29b-41d4-a716-446655440000 The ids of the logs to retrieve the top keys for. If no log ids are specified, then top keys are returned for all logs. |
Responses
Response samples
- 200
- 400
- 404
- 429
- 500
- default
{- "property1": {
- "property1": {
- "rank": 5,
- "type": "STRING",
- "field_type": "Tags",
- "values": {
- "property1": {
- "value": "string",
- "rank": 0
}, - "property2": {
- "value": "string",
- "rank": 0
}
}
}, - "property2": {
- "rank": 5,
- "type": "STRING",
- "field_type": "Tags",
- "values": {
- "property1": {
- "value": "string",
- "rank": 0
}, - "property2": {
- "value": "string",
- "rank": 0
}
}
}
}, - "property2": {
- "property1": {
- "rank": 5,
- "type": "STRING",
- "field_type": "Tags",
- "values": {
- "property1": {
- "value": "string",
- "rank": 0
}, - "property2": {
- "value": "string",
- "rank": 0
}
}
}, - "property2": {
- "rank": 5,
- "type": "STRING",
- "field_type": "Tags",
- "values": {
- "property1": {
- "value": "string",
- "rank": 0
}, - "property2": {
- "value": "string",
- "rank": 0
}
}
}
}
}Usage is a REST API resource that allows you to easily track your Bronto usage by retrieving usage data relating to data ingestion and amount of data searched, and allowing you to drill down for a specific dataset over a defined timeframe.
Get the usage over a period of time for a log id.
Authorizations:
query Parameters
| time_range | string Examples:
The relative time range for which to calculate usage data. Time range supported is from minutes to years. For an exact range, use |
| from_ts | integer Example: from_ts=1709251200000 The starting time (unix time in milliseconds) for which to calculate usage data. Must be used together with |
| to_ts | integer Example: to_ts=1711390455601 The ending time (unix time in milliseconds) for which to calculate usage data. Must be used together with |
| usage_type | string Enum: "ingestion" "search" "export" The type of usage to query. |
| limit | integer Example: limit=10 Returns the top N logs based on the usage. If not provided, the default limit is 50. The maximum limit is 100. |
| num_of_slices | integer Example: num_of_slices=10 The num_of_slices parameter defines how the time range is divided into intervals. It is optional, and if not provided, a default value is applied. The default number of slices is 1 minute granularity for up to 12 hours time range and 20 minutes granularity for longer than 12 hours time range up to 720 slices. - default for 20 minutes time window: 20 slices - default for 12 hour time window: 720 slices - default for 1 day time window: 72 slices (1 slice per 20 minutes) - default for 10 days time window: 720 slices (1 slice per 20 minutes) - default for 30 days time window: 720 slices (max number of slices allowed) |
Responses
Response samples
- 200
- 400
- 429
- 500
- default
{- "name": "Usage",
- "filter": "event_type='log_usage'",
- "stat": "SUM",
- "key": "bytes_total",
- "is_exact": true,
- "groups_series": [
- {
- "name": "host123",
- "count": 124,
- "stat": "average(duration_millis)",
- "value": 50325.25,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}, - "series_resolution_ms": 60000,
- "timeseries": [
- {
- "@timestamp": "1711535140632",
- "count": 40,
- "value": 35.625,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}
}
], - "groups_series": [
- {
- "name": "host123",
- "count": 124,
- "stat": "average(duration_millis)",
- "value": 50325.25,
- "series_resolution_ms": 60000,
- "timeseries": [
- {
- "@timestamp": "1711535140632",
- "count": 40,
- "value": 35.625,
- "quantiles": {
- "min": 691,
- "p25": 713.75,
- "p50": 796,
- "p75": 847.5,
- "p90": 1237,
- "p95": 1331,
- "p99": 1331,
- "p999": 1331,
- "max": 1331
}
}
]
}
]
}
]
}Users are given specific roles, where each role determines the user's permissions within the application. Those roles are as follows:
- "Admin" role has permission for all actions on all entities in the application.
- "Standard" role allows Read/Write and Delete actions on entities in non-sensitive areas of the application.
- "ReadOnly" role allows only read actions and only on entities in non-sensitive areas of the application.
Response samples
- 200
- 403
- 429
- 500
- default
{- "users": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "first_name": "John",
- "last_name": "Doe",
- "email": "john@company.com",
- "roles": [
- "ReadOnly",
- "Standard"
], - "last_logins": {
- "Okta": 1731370728,
- "Password": 1731338939
}, - "tags": {
- "region": "eu",
- "environment": "production"
}
}
]
}Create a new user
Authorizations:
Request Body schema: application/jsonrequired
| first_name required | string [ 1 .. 255 ] characters The user's first name |
| last_name required | string [ 1 .. 255 ] characters The user's last name |
| email required | string <email> The user's email address |
| roles required | Array of strings A list of role ids |
Responses
Request samples
- Payload
{- "first_name": "Alice",
- "last_name": "Smith",
- "email": "alice@company.com",
- "roles": [
- "Admin,",
- "Standard",
- "ReadOnly"
]
}Response samples
- 201
- 400
- 403
- 429
- 500
- default
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "first_name": "John",
- "last_name": "Doe",
- "email": "john@company.com",
- "roles": [
- "ReadOnly",
- "Standard"
], - "last_logins": {
- "Okta": 1731370728,
- "Password": 1731338939
}, - "tags": {
- "region": "eu",
- "environment": "production"
}
}Get a single user by ID
Authorizations:
path Parameters
| userId required | string <uuid> Example: 41521f35-1b06-41f0-9cdc-9a938b5739d1 The unique identifier of the user to retrieve |
Responses
Response samples
- 200
- 403
- 404
- 429
- 500
- default
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "first_name": "John",
- "last_name": "Doe",
- "email": "john@company.com",
- "roles": [
- "ReadOnly",
- "Standard"
], - "last_logins": {
- "Okta": 1731370728,
- "Password": 1731338939
}, - "tags": {
- "region": "eu",
- "environment": "production"
}
}Updates a user
Authorizations:
path Parameters
| userId required | string <uuid> Unique identifier of the user to update |
Request Body schema: application/jsonrequired
| first_name | string [ 1 .. 255 ] characters The user's first name |
| last_name | string [ 1 .. 255 ] characters The user's last name |
| roles | Array of strings A list of role ids |
Responses
Request samples
- Payload
{- "first_name": "Alice",
- "last_name": "Smith",
- "roles": [
- "Admin",
- "Standard",
- "ReadOnly"
]
}Response samples
- 200
- 400
- 403
- 429
- 500
- default
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "first_name": "John",
- "last_name": "Doe",
- "email": "john@company.com",
- "roles": [
- "ReadOnly",
- "Standard"
], - "last_logins": {
- "Okta": 1731370728,
- "Password": 1731338939
}, - "tags": {
- "region": "eu",
- "environment": "production"
}
}