Log Insight: Configuration APIs

A few months back, I blogged about Log Insight GET configuration APIs. At the time, my goal was to provide a set of BASH functions that could be used to call Log Insight APIs and also to provide some minimum documentation on the Tech Preview configuration APIs in Log Insight 3.6. For one of my vBrownBag sessions at VMworld, I updated these functions and included some POST configuration APIs as well. Read on to learn more!

After playing around with my initial BASH functions a bit, I realized the following changes would be beneficial:

  • Use port 9543 (cfapi over TLS) instead of 443 (HTTPS) for all API calls (some require this)
  • Better messaging when running liauth
  • Clearing of environment variable only with properly authenticated liauth calls
  • Some POST commands (ingest + configuration)
  • Header in returned results (so you know when you are using a Tech Preview API)

The last change alters the format of the returned results and may break scripts that rely on the return value of the previous BASH functions. To get back to the old behavior, take only the last line of the returned result (i.e. tail -n 1). In the future, I may add a command line option to handle this.
With the POST additions you can now call the ingestion API with something like:

$ liapi 172.16.90.156 POST events/ingest/1234 '{"events": [{"fields": [{"name": "field", "content": "value"}], "text": "Hello world", "timestamp": 1396622879241 }]}'

You can also call POST configuration APIs such as the deployment API with something like:

$ liauth 172.16.90.156 Local apiuser Password123!
$ liapi 172.16.90.156 POST deployment/new '{"user": {"userName": "admin", "password": "Password123!", "email": "[email protected]"}}'

Here is a carry-over example from my previous blog post showing how to get agent statistics:

$ liauth 172.16.90.156 Local apiuser Password123!
$ liapi 172.16.90.156 agent
{"agents":[{"agentId":"564d4dfc-6bca-07ce-3ef9-e8c1ac61ce47","lastSeen":1467569599216,"statsAsOf":1465606712683,"totalEvts":27941,"droppedEvts":0,"evtRate":0.0,"os":"Ubuntu 14.04.4 LTS","version":"3.3.0.3516686","ipAddr":"192.168.1.180","fqdn":"smith01.sflanders.net","agentStatus":"Disconnected"},{"agentId":"564d1c9f-a2fb-fb00-094d-aab5f3036d2e","lastSeen":1468765926073,"statsAsOf":1465606736554,"totalEvts":94981212,"droppedEvts":5,"evtRate":83.98332977294922,"os":"SUSE Linux Enterprise Server 11 (x86_64)","version":"3.4.0.3820781","ipAddr":"192.168.1.118","fqdn":"vcs01.sflanders.net","agentStatus":"Active"}]}
$ liapi 172.16.90.156 agent --pretty
{
    "agents": [
        {
            "agentId": "564d4dfc-6bca-07ce-3ef9-e8c1ac61ce47",
            "agentStatus": "Disconnected",
            "droppedEvts": 0,
            "evtRate": 0.0,
            "fqdn": "smith01.sflanders.net",
            "ipAddr": "192.168.1.180",
            "lastSeen": 1467569599216,
            "os": "Ubuntu 14.04.4 LTS",
            "statsAsOf": 1465606712683,
            "totalEvts": 27941,
            "version": "3.3.0.3516686"
        },
        {
            "agentId": "564d1c9f-a2fb-fb00-094d-aab5f3036d2e",
            "agentStatus": "Active",
            "droppedEvts": 5,
            "evtRate": 83.98332977294922,
            "fqdn": "vcs01.sflanders.net",
            "ipAddr": "192.168.1.118",
            "lastSeen": 1468765926073,
            "os": "SUSE Linux Enterprise Server 11 (x86_64)",
            "statsAsOf": 1465606736554,
            "totalEvts": 94981212,
            "version": "3.4.0.3820781"
        }
    ]
}
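
A check that could be run over this output, as an added example (not part of the original post or its BASH functions): it reads the JSON from the last line of the liapi result, as the tail -n 1 advice above suggests, and lists agents that are not Active, have been silent longer than a threshold, or report dropped events. The header text, the function names and the one-hour threshold are assumptions.

```python
"""Flag Log Insight agents that leave a gap in log coverage."""
import json
from datetime import datetime, timezone

# Constructed input: an invented header line, then the agent JSON from the
# post (trimmed to the fields used here) on the last line.
SAMPLE = "\n".join([
    "# header line (constructed; the real header text is not in the post)",
    json.dumps({"agents": [
        {"fqdn": "smith01.sflanders.net", "agentStatus": "Disconnected",
         "lastSeen": 1467569599216, "totalEvts": 27941, "droppedEvts": 0},
        {"fqdn": "vcs01.sflanders.net", "agentStatus": "Active",
         "lastSeen": 1468765926073, "totalEvts": 94981212, "droppedEvts": 5},
    ]}),
])


def parse_body(output):
    """Return the JSON document on the last non-empty line (tail -n 1)."""
    lines = [ln for ln in output.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty liapi output")
    return json.loads(lines[-1])


def agent_findings(output, now_ms, max_silence_s=3600):
    """Return (name, reason) pairs; max_silence_s is an assumed threshold."""
    findings = []
    for agent in parse_body(output).get("agents", []):
        name = agent.get("fqdn") or agent.get("ipAddr") or agent.get("agentId")
        status = agent.get("agentStatus")
        if status != "Active":
            findings.append((name, "status " + str(status)))
        last_seen = agent.get("lastSeen", 0)  # epoch milliseconds
        if (now_ms - last_seen) // 1000 > max_silence_s:
            seen = datetime.fromtimestamp(last_seen / 1000, timezone.utc)
            stamp = seen.strftime("%Y-%m-%dT%H:%M:%SZ")
            findings.append((name, "last seen " + stamp))
        if agent.get("droppedEvts", 0) > 0:
            findings.append((name, "dropped %d events" % agent["droppedEvts"]))
    return findings


if __name__ == "__main__":
    # Reference time: 60 s after the newest lastSeen in the sample.
    for name, reason in agent_findings(SAMPLE, now_ms=1468765926073 + 60_000):
        print(name, "-", reason)
```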

Because I was asked explicitly about leveraging the event forwarder part of the configuration API, I have included this as well:

$ liauth 172.16.90.156 Local apiuser Password123!
$ liapi 172.16.90.156 POST forwarding '{"id": "test1", "host": "192.168.1.1", "port": 514, "protocol": "cfapi", "sslEnabled": "true"}'

BONUS: I have also included an ncevent BASH function, which can be used to send events from the CLI via netcat.
You can find the latest Log Insight BASH functions here. As always, feedback is welcome and I am accepting pull requests!

© 2016, Steve Flanders. All rights reserved.
