Logs API

Authentication

Authentication is done via basic auth with your API token. Get your token by clicking “New API Token” on the page: https://app.runreveal.com/dash/workspace/api-tokens.

e.g. with cURL, set the authorization header like so:

$ curl -H 'Authorization: Basic <token>' https://api.runreveal.com/...

Logs Query Endpoint

https://api.runreveal.com/logs/query/v2

The query endpoint accepts SQL queries and returns results.

This endpoint will kick off the query and return up to limit results. The query will continue running in the background.

Here’s a full example using cURL:

curl 'https://api.runreveal.com/logs/query/v2?workspaceid=<wkspID>' \
  -H 'authorization: Basic <token>' \
  -H 'content-type: application/json' \
  --data-raw '{"query":"SELECT receivedAt, workspaceID, sourceType, id, eventName FROM runreveal.logs LIMIT 2;","source":"api","parameters":{"a":"b"},"limit":1000}'
{
  "success": true,
  "result": {
    "queryID": "2e2GQkLQiZNUyDIZXnvGHssbRIH",
    "status": "completed",
    "query": "SELECT receivedAt, workspaceID, sourceType, id, eventName FROM runreveal.logs LIMIT 2;",
    "parameters": {
      "a": "b"
    },
    "error": "",
    "resultCount": 2,
    "totalResults": 2,
    "startedAt": "2024-03-22T08:14:05.958701794Z",
    "runTime": "38.836527ms",
    "runTimeMs": 38,
    "limit": 0,
    "offset": 0,
    "columns": [
      "receivedAt",
      "workspaceID",
      "sourceType",
      "id",
      "eventName"
    ],
    "columnTypes": [
      "DateTime",
      "String",
      "LowCardinality(String)",
      "String",
      "String"
    ],
    "rows": [
      [
        "2024-02-08T23:18:45Z",
        "<wkspID>",
        "gcplogs",
        "2c6a8tdYFRWa7oqVudOrGTIP3B7",
        "google.identity.oauth2.GetTokenInfo"
      ],
      [
        "2024-02-08T23:18:55Z",
        "<wkspID>",
        "gcplogs",
        "2c6aA74bB5VCJVesecPRD9cv2ul",
        "google.identity.oauth2.GetTokenInfo"
      ]
    ]
  }
}

Results Endpoint

If the query has completed, you can query it using the results endpoint. You can pass in a limit and offset parameter to page through the results. The queryID is used to load the results, and is returned upon querying using the above endpoint.

If the query has not yet completed, totalResults will be -1.

curl 'https://api.runreveal.com/logs/query/v2/results?workspaceid=<wkspID>' \
  -H 'authorization: Basic <token>' \
  -H 'content-type: application/json' \
  --data-raw '{"queryID":"2e2GQkLQiZNUyDIZXnvGHssbRIH","limit":50,"offset":0}'
{
  "success": true,
  "result": {
    "queryID": "2e2GQkLQiZNUyDIZXnvGHssbRIH",
    "status": "completed",
    "query": "SELECT receivedAt, workspaceID, sourceType, id, eventName FROM runreveal.logs LIMIT 2;",
    "parameters": {
      "a": "b"
    },
    "error": "",
    "resultCount": 2,
    "totalResults": 2,
    "startedAt": "2024-03-22T08:14:05.958702Z",
    "runTime": "38.836527ms",
    "runTimeMs": 38,
    "limit": 50,
    "offset": 0,
    "columns": [
      "receivedAt",
      "workspaceID",
      "sourceType",
      "id",
      "eventName"
    ],
    "columnTypes": [
      "DateTime",
      "String",
      "LowCardinality(String)",
      "String",
      "String"
    ],
    "rows": [
      [
        "2024-02-08T23:18:45Z",
        "2KUOdhvRReF5RZfQX8ILneT4fSd",
        "gcplogs",
        "2c6a8tdYFRWa7oqVudOrGTIP3B7",
        "google.identity.oauth2.GetTokenInfo"
      ],
      [
        "2024-02-08T23:18:55Z",
        "2KUOdhvRReF5RZfQX8ILneT4fSd",
        "gcplogs",
        "2c6aA74bB5VCJVesecPRD9cv2ul",
        "google.identity.oauth2.GetTokenInfo"
      ]
    ]
  }
}

Cancellation Endpoint

This cancels an inflight query given by the queryID.

curl 'https://api.runreveal.com/logs/query/v2/cancel?workspaceid=<wkspID>&queryID=<queryID>' \
  -H 'authorization: Basic <token>'
{
  "success": true
}

Reference RunReveal Audit Logs