Search

The Search APIs help you to search through the log data collected from your agents. The search query can be formed with the help of Meta Data APIs.

End Points

POST

/api/v2/search

Simple Search

The Simple Search API can be used to perform searches over a smaller data range. The user can create a search request with the set of relevant metadata.
The server executes the request and responds with results directly. Simple Search can be used to search over the first 500000 logs.
OAuth Scope : logs360cloud.search.READ

Arguments

query

string

(Required)

The search query, which can be formed using the log fields API.

start_time

string

(Required)

Start time for the search range, in ISO 8601 date-time format.
The value must be ≥ 1970-01-01T00:00:00Z. Time zone offsets are supported.

end_time

string

(Required)

End time for the search range, in ISO 8601 date-time format.
The value must be ≥ 1970-01-01T00:00:00Z. Time zone offsets are supported.

log_source_ids

array

List of host IDs to search. Can be obtained via the log sources API.
Maximum: 100 host IDs

log_types

array

List of log types to search. Can be obtained via the log types API.
Maximum: 100 log types

log_source_group_ids

array

List of device group IDs to search. Can be obtained via the log sources API.
Maximum: 100 group IDs

from

integer

Start Range of the response.
Default value: 1

limit

integer

Count of logs in search response.
Default value: 10
Maximum: 1000

response_type

string

Specifies whether the response should be based on the client or server.
Default value: server
Accepted values: client, server

Headers

account_id

string

(Required)

Account ID

Request Example

parameters_data='{"field1":"value1","field2":"value2"}';
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/search"
type: POST
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;

OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");
Request request = new Request.Builder()
  .url("https://log360cloud.manageengine.com/api/v2/search")
  .post(body)
  .addHeader("account_id", "18XXXXX4")
  .addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
  .addHeader("content-type", "application/json")
  .build();

Response response = client.newCall(request).execute();

const options = {
  method: 'POST',
  headers: {
    account_id: '18XXXXX4',
    Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
    'content-type': 'application/json'
  },
  body: '{"field1":"value1","field2":"value2"}'
};

fetch('https://log360cloud.manageengine.com/api/v2/search', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import http.client

conn = http.client.HTTPSConnection("log360cloud.manageengine.com")

payload = "{\"field1\":\"value1\",\"field2\":\"value2\"}"

headers = {
    'account_id': "18XXXXX4",
    'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
    'content-type': "application/json"
    }

conn.request("POST", "/api/v2/search", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

const http = require("https");

const options = {
  "method": "POST",
  "hostname": "log360cloud.manageengine.com",
  "port": null,
  "path": "/api/v2/search",
  "headers": {
    "account_id": "18XXXXX4",
    "Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
    "content-type": "application/json"
  }
};

const req = http.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

req.write(JSON.stringify({field1: 'value1', field2: 'value2'}));
req.end();

curl --request POST \
  --url https://log360cloud.manageengine.com/api/v2/search \
  --header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
  --header 'account_id: 18XXXXX4' \
  --header 'content-type: application/json' \
  --data '{"field1":"value1","field2":"value2"}'

{
    "query": " (  ( severity = \"success\" AND type = \"Security\" ) )",
    "start_time": "2025-03-27T14:30:00Z",
    "end_time": "2025-03-28T14:30:00Z",
    "log_source_ids": [
        30000000251315,
        6000000286357
    ],
    "log_types": [
        "Windows",
        "Unix"
    ],
    "log_source_group_ids": [
        3000000012292,
        6000000013071
    ],
    "from": 1,
    "limit": 1000,
    "response_type": "client"
}

{
    "data": {
        "hits": {
            "rows": [
                {
                    "AccountId": "153935663359",
                    "Event Version": "1.09",
                    "Source": "ela-automation",
                    "IP Address": "136.143.177.61",
                    "Event Source": "cloudtrail.amazonaws.com",
                    "LogType": "aws cloudtrail",
                    "Severity": "information",
                    "Time": "2024-01-04 19:04:37",
                    "Event Type": "awsapicall",
                    "Error Message": "-",
                    "User Agent": "aws-sdk-java/1.11.762 linux/3.10.0-957.21.3.el7.x86_64 openjdk_64-bit_server_vm/11.0.21+9-lts java/11.0.21 groovy/4.0.12 vendor/azul_systems,_inc.",
                    "Event Category": "management"
                }
            ]
        }
    },
    "meta": {
        "total_items": 278973
    }
}

{
    "code": "00000101",
    "title": "Unauthorized",
    "detail": "Invalid OAuth Token"
}

{
    "error": {
        "code": "10001001",
        "title": "Forbidden",
        "detail": "Max Search hits limit for Search API exceeds(500000 hits), Use Bulk Search API to search."
    }
}

Bulk Search

The Bulk Search API can be used to perform searches over a larger data range. The user can create a search request with the set of relevant metadata.
The server executes the request, paginates the data to 5000 records per page and returns with the request ID and total page count. The user can use the request ID to fetch the records of a specified page.
OAuth Scope : logs360cloud.search.READ

Arguments

query

string

(Required)

The search query, which can be formed using the log fields API.

start_time

string

(Required)

Start time for the search range, in ISO 8601 date-time format.
The value must be ≥ 1970-01-01T00:00:00Z. Time zone offsets are supported.

end_time

string

(Required)

End time for the search range, in ISO 8601 date-time format.
The value must be ≥ 1970-01-01T00:00:00Z. Time zone offsets are supported.

log_source_ids

array

List of host IDs to search. Can be obtained via the log sources API.
Maximum: 100 host IDs

log_types

array

List of log types to search. Can be obtained via the log types API.
Maximum: 100 log types

log_source_group_ids

array

List of device group IDs to search. Can be obtained via the log sources API.
Maximum: 100 group IDs

Headers

account_id

string

(Required)

Account ID

Request Example

parameters_data='{"field1":"value1","field2":"value2"}';
headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/search/bulk"
type: POST
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;

OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");
Request request = new Request.Builder()
  .url("https://log360cloud.manageengine.com/api/v2/search/bulk")
  .post(body)
  .addHeader("account_id", "18XXXXX4")
  .addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
  .addHeader("content-type", "application/json")
  .build();

Response response = client.newCall(request).execute();

const options = {
  method: 'POST',
  headers: {
    account_id: '18XXXXX4',
    Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
    'content-type': 'application/json'
  },
  body: '{"field1":"value1","field2":"value2"}'
};

fetch('https://log360cloud.manageengine.com/api/v2/search/bulk', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import http.client

conn = http.client.HTTPSConnection("log360cloud.manageengine.com")

payload = "{\"field1\":\"value1\",\"field2\":\"value2\"}"

headers = {
    'account_id': "18XXXXX4",
    'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
    'content-type': "application/json"
    }

conn.request("POST", "/api/v2/search/bulk", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

const http = require("https");

const options = {
  "method": "POST",
  "hostname": "log360cloud.manageengine.com",
  "port": null,
  "path": "/api/v2/search/bulk",
  "headers": {
    "account_id": "18XXXXX4",
    "Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
    "content-type": "application/json"
  }
};

const req = http.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

req.write(JSON.stringify({field1: 'value1', field2: 'value2'}));
req.end();

curl --request POST \
  --url https://log360cloud.manageengine.com/api/v2/search/bulk \
  --header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
  --header 'account_id: 18XXXXX4' \
  --header 'content-type: application/json' \
  --data '{"field1":"value1","field2":"value2"}'

{
    "query": " (  ( severity = \"success\" AND type = \"Security\" ) )",
    "start_time": "2025-03-27T14:30:00Z",
    "end_time": "2025-03-28T14:30:00Z",
    "log_source_ids": [
        30000000251315,
        6000000286357
    ],
    "log_types": [
        "Windows",
        "Unix"
    ],
    "log_source_group_ids": [
        3000000012292,
        6000000013071
    ]
}

{
    "data": {
        "request_id": 1799008983883
    },
    "meta": {
        "total_pages": 40
    }
}

{
    "code": "00000101",
    "title": "Unauthorized",
    "detail": "Invalid OAuth Token"
}

{
    "error": {
        "code": "10001001",
        "title": "Forbidden",
        "detail": "Max Search hits limit for Search API exceeds(500000 hits), Use Bulk Search API to search."
    }
}

Bulk Search Result

To Fetch the search response of a specific page.
OAuth Scope : logs360cloud.search.READ

Query Parameters

request_id

string

(Required)

Request ID to fetch search results

page

integer

(Required)

Page number

response_type

string

Specifies whether the response should be based on the client or server.
Default value: server
Accepted values: client, server

Headers

account_id

string

(Required)

Account ID

Request Example

headers_data = Map();
headers_data.put("account_id", "18XXXXX4");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://log360cloud.manageengine.com/api/v2/search/bulk?request_id=1799008983883&page=1"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;

OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://log360cloud.manageengine.com/api/v2/search/bulk?request_id=1799008983883&page=1")
  .get()
  .addHeader("account_id", "18XXXXX4")
  .addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
  .build();

Response response = client.newCall(request).execute();

const options = {
  method: 'GET',
  headers: {
    account_id: '18XXXXX4',
    Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
  }
};

fetch('https://log360cloud.manageengine.com/api/v2/search/bulk?request_id=1799008983883&page=1', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import http.client

conn = http.client.HTTPSConnection("log360cloud.manageengine.com")

headers = {
    'account_id': "18XXXXX4",
    'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
    }

conn.request("GET", "/api/v2/search/bulk?request_id=1799008983883&page=1", headers=headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

const http = require("https");

const options = {
  "method": "GET",
  "hostname": "log360cloud.manageengine.com",
  "port": null,
  "path": "/api/v2/search/bulk?request_id=1799008983883&page=1",
  "headers": {
    "account_id": "18XXXXX4",
    "Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
  }
};

const req = http.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

req.end();

curl --request GET \
  --url 'https://log360cloud.manageengine.com/api/v2/search/bulk?request_id=1799008983883&page=1' \
  --header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
  --header 'account_id: 18XXXXX4'

{
    "data": {
        "hits": {
            "rows": [
                {
                    "AccountId": "153935663359",
                    "Event Version": "1.09",
                    "Source": "ela-automation",
                    "IP Address": "136.143.177.61",
                    "Event Source": "cloudtrail.amazonaws.com",
                    "LogType": "aws cloudtrail",
                    "Severity": "information",
                    "Time": "2024-01-04 19:04:37",
                    "Event Type": "awsapicall",
                    "Error Message": "-",
                    "User Agent": "aws-sdk-java/1.11.762 linux/3.10.0-957.21.3.el7.x86_64 openjdk_64-bit_server_vm/11.0.21+9-lts java/11.0.21 groovy/4.0.12 vendor/azul_systems,_inc.",
                    "Event Category": "management"
                }
            ]
        }
    },
    "meta": {
        "items_range_in_current_page": "5001-10000",
        "total_items": "5000"
    }
}

{
    "code": "00000101",
    "title": "Unauthorized",
    "detail": "Invalid OAuth Token"
}

{
    "error": {
        "code": "10001001",
        "title": "Forbidden",
        "detail": "Max Search hits limit for Search API exceeds(500000 hits), Use Bulk Search API to search."
    }
}