API SME
Search Queries
API to run an SA query: GET _sme.
Parameters
Name | Type | Description |
---|---|---|
query | string | SA query |
dtStart | date-time | Start of the time range in YYYY-MM-DDThh:mm:ssZ format |
dtEnd | date-time | End of the time range in YYYY-MM-DDThh:mm:ssZ format |
dtFieldName | string | Name of the time field (typically @timestamp) |
calculateExecutionCost | string | See Sidebar and Timeline API |
calculateStats | boolean | See Sidebar and Timeline API |
sidebarHandler | string | See Sidebar and Timeline API |
timelineHandler | string | See Sidebar and Timeline API |
If the query parameter is too long, you can execute the SA query by submitting the parameters in the HTTP request body using JSON format with the POST method (this is the recommended method):
POST _sme
Request Body Parameters
Example of the POST request body:
{
  "dtStart": "2022-12-15T07:00:00Z",
  "dtEnd": "2023-02-09T13:30:00Z",
  "query": "source internal_audit-* qsize=9000",
  "dtFieldName": "@timestamp"
}
Example of executing a search query
POST _sme
{
  "dtStart": "2022-12-15T07:00:00Z",
  "dtEnd": "2023-02-09T13:30:00Z",
  "query": "source internal_audit-* qsize=9000",
  "dtFieldName": "@timestamp"
}
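A client-side builder for the two request forms described above, with the time range validated before anything is sent (added example, not part of the product's own code or documentation). The base URL, the `allow_get` switch and the 2000-character URL limit are assumptions; the request is only built, not sent, and authentication is left out because the page does not describe it.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode
from urllib.request import Request

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # YYYY-MM-DDThh:mm:ssZ from the parameter table


def _parse_ts(value):
    """Return a naive UTC datetime from a datetime or a formatted string."""
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("naive datetime: attach a timezone before querying")
        return value.astimezone(timezone.utc).replace(tzinfo=None)
    return datetime.strptime(value, TS_FORMAT)  # ValueError if malformed


def build_sme_request(base_url, query, dt_start, dt_end,
                      dt_field="@timestamp", allow_get=False, max_get_url=2000):
    """Build (not send) a request for _sme.

    POST with a JSON body is the default because the page recommends it.
    GET is used only when allow_get is set and the encoded URL stays under
    max_get_url characters (an assumed limit, not a documented one).
    """
    start, end = _parse_ts(dt_start), _parse_ts(dt_end)
    if start >= end:
        raise ValueError("dtStart must be earlier than dtEnd")
    params = {
        "dtStart": start.strftime(TS_FORMAT),
        "dtEnd": end.strftime(TS_FORMAT),
        "query": query,
        "dtFieldName": dt_field,
    }
    endpoint = base_url.rstrip("/") + "/_sme"
    if allow_get:
        get_url = endpoint + "?" + urlencode(params)
        if len(get_url) <= max_get_url:
            return Request(get_url, method="GET")
    body = json.dumps(params).encode("utf-8")
    return Request(endpoint, data=body, method="POST",
                   headers={"Content-Type": "application/json"})
```

Pass the returned object to `urllib.request.urlopen` once the host and credentials for your installation are in place.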
License Check
To check the license, run the following request:
GET _sme/getLicense