Stats API
Navigation Notice: When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with other integrated experience products. How you navigate Loggly and access its features may vary from these instructions.
The Loggly Stats API is a RESTful API that allows Loggly Enterprise tier customers to query historical statistics (such as sum, average, percentiles, etc.) of the events. The Stats API provides an advanced querying interface that allows fine grained time period and searching control. This document provides a basic overview of the Stats API and documents all available stats endpoints.
Stats Endpoints
The base endpoint for the Stats API is https://<subdomain>.loggly.com/apiv2/stats/<stat_type>/<field>?<params>
Replace the variable:
- <subdomain>: Replace with your organization's subdomain.
- <stat_type>: Replace with one from the table below.
- <field>: Replace with an indexed field name (only numeric fields are allowed).
- <params>: Optional parameters (search query), f.e. q=error&from=-1h.
All URLs are relative to that endpoint.
All stats calls work of the field name being supplied.
The supported statistics endpoints are the following.
| Endpoint | Description |
|---|---|
| avg | Average of all values of the field during the time frame specified in the query. |
| sum | Sum of all values of a field during the time frame specified in the query. |
| min | Minimum value out of all values of the field during the time frame specified in the query. |
| max | Maximum value out of all values of the field during the time frame specified in the query. |
| percentiles | The value below which a given percentage of events falls. Returned percentiles are 1, 5, 25, 50, 75, 95, 99%. |
| value_count | Count of the events during the time frame specified in the query. |
| cardinality | Calculates an approximate count of distinct values of the field. |
| stats | View basic Stats – avg, sum, min, max, count. |
| all or extended | In addition to the basic stats (avg, sum, min, max, count), extended/all stats will also provide variance, std_deviation and sum_of_squares. |
Authentication
To authenticate, use the "Authorization" key in the HTTP header with the value of the word "bearer" followed by your Loggly search token (see the Token Based API Authentication). In the following command-line cURL examples, replace <token> with your API token and <subdomain> with your organization's subdomain:
curl -H "Authorization: bearer <token>" https://<subdomain>.loggly.com/apiv2/stats/all/json.lineno?q=*&from=-1h&until=now
Stat API Usage Example
If you want to see "all" stats for "json.OpcodeValue" during the last hour, you could run the command below from your terminal window. In this example, you would use the "all" endpoint followed by the field in question, replacing <token> with your API token and <subdomain> with your organization's subdomain:
curl -H "Authorization: bearer <token>" -XGET 'https://<subdomain>.loggly.com/apiv2/stats/all/json.OpcodeValue?q=*&from=-1h'
Response:
{
"field": "json.OpcodeValue",
"stats": {
"count": 35948,
"min": 0.0,
"sum_of_squares": 2.0,
"max": 1.0,
"sum": 2.0,
"std_deviation": 0.007458741394738288,
"variance": 5.563282319358245e-05,
"avg": 5.563591854901524e-05
}
}
Similarly, if you want to see the sum of all values for the same field, then replace "all" with "sum" as shown below:
curl -H "Authorization: bearer <token>" -XGET 'https://<subdomain>.loggly.com/apiv2/stats/sum/json.OpcodeValue?q=*&from=-1h'
Response:
{
"field": "json.OpcodeValue",
"stats": {
"sum": 2.0
}
}
| Stats Endpoint Parameters | ||
|---|---|---|
| q | optional | query string, check out the Search Query help |
| from | optional | Start time for the search. Defaults to "-24h". (See valid time parameters.) |
| until | optional | End time for the search. Defaults to "now". (See valid time parameters.) |
Response Format
To make it easier to understand how a query is being processed we use a specific JSON response format. Here is an example:
{
"field": "json.lineno",
"stats": {
"count": 1,
"min": 267.0,
"sum_of_squares": 71289.0,
"max": 267.0,
"sum": 267.0,
"std_deviation": 0.0,
"variance": 0.0,
"avg": 267.0
}
}
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.