Api Endpoint Overview
LogZilla documentation for Api Endpoint Overview
API Endpoint Overview
This page provides a practical map of commonly used API endpoints. It is
sourced from lib/logzilla/api/urls.py. For full request/response schemas,
filters, and examples, use the interactive docs at /api/docs.
-
Auth and session
GET/POST/DELETE /api/auth— session info, login, logoutPOST /api/reset-passwordGET /api/ping
-
Users and access control
GET/POST /api/users(and/{id})GET /api/groupsPOST /api/groupsGET /api/groups/{id}PUT /api/groups/{id}PATCH /api/groups/{id}DELETE /api/groups/{id}GET /api/permissions
-
Dashboards and widgets
GET /api/dashboardsPOST /api/dashboardsGET /api/dashboards/{id}PUT /api/dashboards/{id}PATCH /api/dashboards/{id}DELETE /api/dashboards/{id}POST /api/dashboards/{id}/{report|templates|widgets}DELETE /api/dashboards/{id}/widgetsGET /api/widgetsPOST /api/widgetsGET /api/widgets/{id}PUT /api/widgets/{id}PATCH /api/widgets/{id}DELETE /api/widgets/{id}POST /api/widgets/{id}/reportGET /api/widget-typesGET /api/widget-presets
-
Events
GET /api/events/{ev_id}GET /api/events/{ev_id}/timestampsGET /api/events/{ev_id}/triggersGET /api/events/{ev_id}/aiPOST /api/events/{ev_id}/forward
-
Triggers
GET /api/triggersPOST /api/triggersGET /api/triggers/{id}PUT /api/triggers/{id}PATCH /api/triggers/{id}DELETE /api/triggers/{id}GET /api/triggers/{id}/historyPOST /api/triggers-validator— validate filters
-
Notifications
GET /api/notification-groups
-
Queries (generic)
POST /api/query— createGET /api/query/{qid}— results (with paging for Search)GET /api/query/{qid}/{export|recalculate|remove|stop}POST /api/query/{qid}/stopGET /api/query-types— available query types- WebSocket:
/ws/live-updates(see Making Queries)
-
Queries (typed)
POST /api/queries/searchGET /api/queries/search/{qid}GET /api/queries/search/{qid}/{export|recalculate|remove|stop}POST /api/queries/search/{qid}/stopPOST /api/queries/lastnGET /api/queries/lastn/{qid}GET /api/queries/lastn/{qid}/{export|recalculate|remove|stop}POST /api/queries/lastn/{qid}/stopPOST /api/queries/topnGET /api/queries/topn/{qid}GET /api/queries/topn/{qid}/{export|recalculate|remove|stop}POST /api/queries/topn/{qid}/stopPOST /api/queries/eventrateGET /api/queries/eventrate/{qid}GET /api/queries/eventrate/{qid}/{export|recalculate|remove|stop}POST /api/queries/eventrate/{qid}/stopPOST /api/queries/processingstatsGET /api/queries/processingstats/{qid}GET /api/queries/processingstats/{qid}/{export|recalculate|remove|stop}POST /api/queries/processingstats/{qid}/stopPOST /api/queries/storagestatsGET /api/queries/storagestats/{qid}GET /api/queries/storagestats/{qid}/{export|recalculate|remove|stop}POST /api/queries/storagestats/{qid}/stopPOST /api/queries/system_cpuGET /api/queries/system_cpu/{qid}GET /api/queries/system_cpu/{qid}/{export|recalculate|remove|stop}POST /api/queries/system_cpu/{qid}/stopPOST /api/queries/system_dfGET /api/queries/system_df/{qid}GET /api/queries/system_df/{qid}/{export|recalculate|remove|stop}POST /api/queries/system_df/{qid}/stopPOST /api/queries/system_iopsGET /api/queries/system_iops/{qid}GET /api/queries/system_iops/{qid}/{export|recalculate|remove|stop}POST /api/queries/system_iops/{qid}/stopPOST /api/queries/system_memoryGET /api/queries/system_memory/{qid}GET /api/queries/system_memory/{qid}/{export|recalculate|remove|stop}POST /api/queries/system_memory/{qid}/stopPOST /api/queries/system_networkGET /api/queries/system_network/{qid}GET /api/queries/system_network/{qid}/{export|recalculate|remove|stop}POST /api/queries/system_network/{qid}/stopPOST /api/queries/system_networkerrorsGET /api/queries/system_networkerrors/{qid}GET /api/queries/system_networkerrors/{qid}/{export|recalculate|remove|stop}POST /api/queries/system_networkerrors/{qid}/stopPOST /api/queries/systemstatusGET /api/queries/systemstatus/{qid}GET /api/queries/systemstatus/{qid}/{export|recalculate|remove|stop}POST /api/queries/systemstatus/{qid}/stop
-
Reports
GET /api/reportsGET /api/reports/{id}(download via retrieve)DELETE /api/reports/{id}GET /api/reports/{id}/exportGET /api/reports-templatesPOST /api/reports-templatesGET /api/reports-templates/{id}PUT /api/reports-templates/{id}PATCH /api/reports-templates/{id}DELETE /api/reports-templates/{id}POST /api/reports-templates/{id}/generateGET /api/reports-schedulesPOST /api/reports-schedulesGET /api/reports-schedules/{id}PUT /api/reports-schedules/{id}PATCH /api/reports-schedules/{id}DELETE /api/reports-schedules/{id}GET /api/reports-schedules/{id}/reports
-
Settings and system
GET /api/license-infoGET/POST /api/settings(and extra configs)POST /api/settings-update-publishGET/POST /api/customer-infoGET /api/monitor
-
Archives
GET /api/archivesPOST /api/archivesGET /api/archives/{chunk_ts}POST /api/archives/migrateDELETE /api/archives/rangePOST /api/archives/remove(range)GET /api/archive-restore-logs
-
Forwarder counters
GET /api/forwarder-counters
-
Lookup tools
GET /api/lookup/{dns|whois|mac|cisco-mnemonic|geoip|mswin-eventid|mitre-id}/{pk}
-
Terminals (test utilities)
POST /api/terminals— create ephemeral shell session
-
Mailer and LDAP tester
POST /api/mailerPOST /api/ldap-tester
-
App store
GET /api/apps— available appsGET /api/installed-apps
-
Misc
GET /api/async-resultsGET /api/docs,GET /api/schema
Notes:
- All endpoints require a valid user token in
Authorization: token <TOKEN>unless explicitly marked public. See Getting Started for token usage. - The HTTP Receiver (ingestion) is separate and documented under Receiving
Data; its interactive docs are typically at
/incoming/docs.