XPLG API

General

XPLG exposes a URL based API to the users. The API exposes a set of HTTP/S calls that can be used to retrieve information from XPLG.
The article describes the syntax calls with the available parameters.

Background

XPLG’s API provides multiple calls to the system to get data, export dashboard, query the configuration and more.
The call are done via URL over HTTP/S.
In case security is activated in XPLG (login is required) then using the URL based API will require passing user's credentials in order to login into the system prior to executing the API command.
It is required to pass the username and password in the URL to XPLG in order to get the command executed.

Add to each link that is detailed below at the end:
&autoLogin=true&username=[USER_NAME]&password=[PASSWORD]

[USER_NAME] = the user name which the API will use to login
[PASSWORD] = the password of the user name

API Endpoints

URL that returns events from XPLG Search in XML/CSV format

Runs a search query on a specified time frame and returns results in CSV or XML format

URL that returns a Dashboards latest result in PDF format

Returns a dashboard from XPLG in PDF

URL to open Search console on an executed search query

Opens the XPLG search console on a search result page

URL that returns Collected Data Information

Returns information about the data that is collected by the system in JSON format

URL that returns the Folders and Logs information

Returns the existing Folders and Logs structure from XPLG in JSON format

URL that returns a specific log's information

Returns information about specific log in XPLG in JSON format

URL that returns multiple log's information

Returns information about multiple logs in XPLG in JSON format

URL that returns events from XPLG Search in XML/CSV format

http://[MACHINE_NAME]:[XPLG_PORT]/logeye/view/api/widgetAPI.jsp?widgetId=searchAPI&searchQuery=[see item 2]&fixedInterval=[see item 3]&startTimeFullStr=[see item 4]&endTimeFullStr=[see item 4]&maxNumOfRecords=[see item 5]&resultFormat=[see item 6]&paginate=[see item 7]&token=[see item 7.a]&maxRecordsPerPage=[see item 8]&timeout=[see item 9]&abortOn=[see item 10]
searchQuery=a query as used in XpoSearch console
fixedInterval=optional values are: last15Minutes, last30Minutes, last60Minutes, last3Hours, last12Hours, last24Hours, last7Days, last14Days, last1Months, last6Months, currentDay, previousDay, currentWeek, previousWeek, allData
IMPORTANT: when using fixedInterval only values from the above list can be provided as is. Optional; if fixedInterval is used then startTimeFullStr and endTimeFullStr should not be used.
startTimeFullStr=the start time full string, formatted according to the XPLG system format; default format is MM/dd/yyyy HH:mm:ss
endTimeFullStr=the end time full string, formatted according to the XPLG system format; default format is MM/dd/yyyy HH:mm:ss
Optional; used only if fixedInterval is missing; if used, both values are mandatory.
maxNumOfRecords=the maximal number of records to return in the result; if missing, the default value is taken from the widgets.searchAPI.maxNumOfRecords XPLG system property (default is 100 but may be modified)
resultFormat=the format in which the result will be returned. Optional values xml/csv (case sensitive)
paginate=activate pagination; optional values true/false. If pagination is set to true, a unique token will be generated per execution (unless the API command will specify an existing token to access next pages of an existing execution as detailed below at 7.a).
1. token=UNIQUE_TOKEN_FROM_FIRST_EXECUTION - returned and may be used only if pagination is set to true, and only after an API command execution which is not already using an existing unique token.
  If token is added to the URL, each execution of the URL returns the next page of that execution result (see result example below of pagination = true).
  In order to access the next pages of that execution result, it is required to add to the URL the parameter:
  &token=UNIQUE_TOKEN_FROM_FIRST_EXECUTION - any additional execution using the unique token will return the next page of results (there is no paging backwards, only forward).
maxRecordsPerPage=the maximal number of results per page; If missing, the default value is 100 records per page.
timeout=the maximum time(milliseconds) given for a query to run. In case the time exceeds the given threshold, the search query stops and an error message is returned (see error codes table).
abortOn=the maximum number of allowed results. In case the number exceeds the given threshold, the search query stops and an error message is returned (see error codes table).

The following is the XML structure of the API execution response (pagination = false):

<APIResult>
<Status state="OK" token="" numberOfResults="Actual number of results or maxNumOfRecords if exists/reached">
<Url>
[URL_TO_RESULT_FILE]
</Url>
<Message/>
</Status>
<Data>
</Data>
</APIResult>

The following is the XML structure of the API execution response (pagination = true):

<APIResult>
<Status state="OK" token="EXECUTION_TOKEN" numberOfResults="maxRecordsPerPage or maximum 100 per page (XPLG default)">
<Url>
[URL_TO_RESULT_FILE]
</Url>
<Message/>
</Status>
<Data>
</Data>
</APIResult>

Tag Path	Description

Tag Path	Description
APIResult	General document root tag
Status	The state of the API execution. Optional values OK/Fail
Url	Exists only when the status is OK. The URL to a file containing the API execution result.
Message	Exists only when the status is Fail.
Data	Contains the API execution result. Note: When the result format is CSV, the content of the <Data> tag will be wrapped with CDATA. Note: If the execution result is larger than the system-configured limit, the <Data> tag will not contain the execution result. Instead, the content of the <Url> tag should be used to access the execution result file.