Argus Log Cloud API#

Introduction#

The Argus Log Cloud API can be used to run queries on ALC, and can be accessed at

Getting started: Tokens and keys#

The API requires a combination of two tokens, one from Argus and one from Argus Log Cloud.

Alternative: Personal user accounts#

An alternative for testing and development is to use API keys and tokens connected to a personal user account.

For access to the Argus Log Cloud API with a personal accounts:

  1. Create an API key in the Argus user preferences page. The API key needs to have the ALC-ACCESS role.

    By default, new users in Argus do not have privileges to create personal API keys. This will be enabled for each user on request.

  2. In Argus Log Cloud, set up an API token for the user by going to alc.mnemonic.no/account-api-token-page. This API will give get the same access as the user.

Using API keys and tokens#

In your API integration, request an OAuth access token from the token endpoint using the API key: https://api.mnemonic.no/authentication/v1/oauth/token

Use the access token like “$accesstoken” is used in the request in “Curl example: Argus Log Cloud API example queryjob” below.

The access token is relatively short lived (2 hours), and should be automatically renewed by the API integration application when needed.

Curl example: Access Token

curl -X 'POST' -H "Argus-API-Key: $argusapikey" \
  'https://api.mnemonic.no/authentication/v1/oauth/token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=dda70cae-3659-4a6b-9546-142b3733026d&grant_type=client_credentials'

Note that the “client_id” value above is the Argus Log Cloud search interface ID, which itself can be requested through a different endpoint: https://api.mnemonic.no/authentication/v1/oauth/client/alc

Curl example: OAuth Client ID

curl -X 'GET' -H "Argus-API-Key: $argusapikey" \
  'https://api.mnemonic.no/authentication/v1/oauth/client/alc' \
  -H 'accept: application/json'

For further details, refer to the Authentication API Swagger pages in Argus: https://portal.mnemonic.no/spa/swagger?module=authentication&apistatus=PUBLIC

Use the Argus Log Cloud API token as an authorization bearer like “alctoken” is used in the examples below.

Querying Argus Log Cloud#

The Argus Log Cloud API must be used by issuing both the API token from Argus Log Cloud and the OAuth access token from Argus as authorization bearer tokens in the header of the request.

With two valid authorization bearer tokens in the request header, alc-api.app.mnemonic.no works like a regular Logscale search API endpoint.

The Logscale search API is documented here https://library.humio.com/logscale-api/api-search.html. Like the documentation says, we advise using query jobs for most searches.

Example:

Curl example: Argus Log Cloud API example queryjob

curl -X POST "https://alc-api.app.mnemonic.no/api/v1/repositories/<repository>/queryjobs" \
  -H "Authorization: Bearer $accesstoken" \
  -H "alc-authorization: Bearer $alctoken" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
        "queryString": "groupBy(#type)",
        "start": "1h",
        "end": "now",
        "isLive": false
      }'

Curl example: Argus Log Cloud API example queryjob poll

curl -X GET "https://alc-api.app.mnemonic.no/api/v1/repositories/<repository>/queryjobs/<id>" \
  -H "Authorization: Bearer $accesstoken" \
  -H "alc-authorization: Bearer $alctoken" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json"

Tools#

Python library#

There is a Python library for querying Logscale on GitHub:

It has not received any updates for a few years, but even though the Logscale search API has been updated with more features since that time, the library is still useful for most search tasks.

Keep in mind that out of the box, this library only uses one bearer token in the requests. That means it has to be patched or adapted to be used directly against the Argus Log Cloud API.

For a full guide on the latest features of the search API, use the official documentation: