Documentation OVH

Using tokens to query Logs Data Platform

If you want to give access to your logs to a software or automatize some tasks depending on your logs. You will maybe need to access them through the API. The most secure way to do this is to use tokens.

Last updated 2nd April, 2019

Objective

With Logs Data Platform, there are 3 ways to query your logs.

So you can pop up a Kibana or a Grafana or even a terminal Dashboard for Graylog.

All these accesses are secured by your username and password. But what if you don't want to put your Logs Data Platform credentials everywhere? You can just use tokens to access all these endpoints and revoke them anytime you want. This tutorial is here to tell you how.

Requirements

  • No specific requirements

Instructions

Generating tokens using the manager

Once you have logged into Logs Data Platform you will have to access to the token Generation panel from the Configuration box.

Token Menu

On this page you will have the possibility to create a token and to remove them. Note that you cannot modify a token.

token generation

Once the token is created, you can use its value and remove it:

token generated

Generating tokens with API

One goal with token is to automatize APIs call. Sometime you even need to automatize token creation. That's why it is possible to create token by using only the OVH APIs. If you're familiar with the OVH API, it should be fairly straightforward, if you're not, this section will help you with it. Generating tokens is two API calls away. You can use the OVH API console to make theses calls.

First you will have to retrieve the serviceName you want to generate token for. The API call to get your serviceName is the following:

Endpoint:
About:

List available services.

If you want to know what is the Logs Data Platform username associated with this serviceName, use the following call:

Endpoint:
About:

Return the service object of connected identity.

Parameters:
serviceName *

The internal ID of your Logs Data Platform service (string)

Once you have the login you want, use:

Endpoint:
About:

Add a new token.

Parameters:
serviceName *

The internal ID of your Logs Data Platform service (string)

name *

The name of your token (string)

Please replace serviceName with your serviceName, and replace name by the name of your choice for your token. This call will give you a taskId. After a few seconds you can retrieve your tokenId with this call:

Endpoint:
About:

Return the list of service tokens.

Parameters:
serviceName *

The internal ID of your Logs Data Platform service (string)

This will give you back the id of your token. The actual value of the token can be retrieved with:

Endpoint:
About:

Return the specified token.

Parameters:
serviceName *

The internal ID of your Logs Data Platform service (string)

tokenId *

UUID of your token (string)

Here is the final response you will get.

{
    "updatedAt": "2016-12-01T12:30:26.566986+00:00",
    "createdAt": "2016-12-01T12:30:26.566939+00:00",
    "value": "kujg9g227qv0123mav3s0q4pra4psqsi5leka6j7lc62qdef58q",
    "name": "token_name",
    "tokenId": "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

The token value is the value field. That is the field you will need to use the Logs Data Platform Search APIs.

Finally to delete your token, use the following call:

Endpoint:
About:

Delete the specified token.

Parameters:
serviceName *

The internal ID of your Logs Data Platform service (string)

tokenId *

UUID of your token (string)

Using your tokens

Using your token is no different of using your credentials. You just have to replace your username with your token and your password with the word token. For example to issue a search against the Graylog API with the token obtained above, you can do the following:

$ curl -u kujg9g227qv0123mav3s0q4pra4psqsi5leka6j7lc62qdef58q:token -XGET "https://<your_cluster>.logs.ovh.com/api/search/universal/relative?query=*&range=2592000&filter=streams:a123aebc12345623aafd"

Note that you have to replace the stream value in the filter parameter by the Id of your stream.

To issue a search against the Elasticsearch API, you also use the same credentials.

$ curl -u kujg9g227qv0123mav3s0q4pra4psqsi5leka6j7lc62qdef58q:token "https://<your_cluster>.logs.ovh.com:9200/<your_alias>/_search"

This call will launch a quick search (to retrieve the count and a sample of your documents) against the alias your_alias. Replace the alias by the one you have setup in you Logs Data Platform console. Note that these credentials are usable in place of your account credentials in Kibana and Grafana (or any tool that support Basic Authentication with Elasticsearch).

The only place you cannot use your token is the Graylog Web Interface.

Go further


Cette documentation vous a-t-elle été utile ?

Génial ! Ravi d'avoir pu vous aider.

Images, contenu, structure... N'hésitez pas à nous dire pourquoi afin de la faire évoluer ensemble !

Merci beaucoup pour votre aide ! Vos retours seront étudiés au plus vite par nos équipes..


Ces guides pourraient également vous intéresser...