Using tokens to query Logs Data Platform
If you want to give access to your logs to a software or automatize some tasks depending on your logs. You will maybe need to access them through the API. The most secure way to do this is to use tokens.
Last updated 13th October, 2022
Objective
With Logs Data Platform, there are 3 ways to query your logs.
- The Graylog Web Interface
- The Graylog API
- The OpenSearch API located at the port 9200 of your cluster (find its address in the Home Page) against your alias.
So you can pop up a Grafana or even a terminal Dashboard for Graylog.
All these accesses are secured by your username and password. But what if you don't want to put your Logs Data Platform credentials everywhere? You can just use tokens to access all these endpoints and revoke them anytime you want. This tutorial is here to tell you how.
Requirements
- No specific requirements
Instructions
Generating tokens using the manager
Once you have logged into Logs Data Platform you will have to access to the token Generation panel from the Configuration box.
On this page you will have the possibility to create a token and to remove them. Note that you cannot modify a token.
Once the token is created, you can use its value or remove it:
Generating tokens with API
One goal with token is to automatize APIs call. Sometime you even need to automatize token creation. That's why it is possible to create token by using only the OVHcloud APIs. If you're familiar with the OVHcloud API, it should be fairly straightforward, if you're not, this section will help you with it. Generating tokens is two API calls away. You can use the OVHcloud API console to make theses calls.
First you will have to retrieve the serviceName you want to generate token for. The API call to get your serviceName is the following:
- Endpoint:
- About:
-
List available services.
If you want to know what is the Logs Data Platform username associated with this serviceName, use the following call:
- Endpoint:
- About:
-
Return the service object of connected identity.
- Parameters:
-
serviceName * The internal ID of your Logs Data Platform service (string)
Once you have the login you want, use:
- Endpoint:
- About:
-
Add a new token.
- Parameters:
-
serviceName * The internal ID of your Logs Data Platform service (string)
name * The name of your token (string)
Please replace serviceName with your serviceName, and replace name by the name of your choice for your token. This call will give you a taskId. After a few seconds you can retrieve your tokenId with this call:
- Endpoint:
- About:
-
Return the list of service tokens.
- Parameters:
-
serviceName * The internal ID of your Logs Data Platform service (string)
This will give you back the id of your token. The actual value of the token can be retrieved with:
- Endpoint:
- About:
-
Return the specified token.
- Parameters:
-
serviceName * The internal ID of your Logs Data Platform service (string)
tokenId * UUID of your token (string)
Here is the final response you will get.
{
"updatedAt": "2016-12-01T12:30:26.566986+00:00",
"createdAt": "2016-12-01T12:30:26.566939+00:00",
"value": "kujg9g227qv0123mav3s0q4pra4psqsi5leka6j7lc62qdef58q",
"name": "token_name",
"tokenId": "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
The token value is the value field. That is the field you will need to use the Logs Data Platform Search APIs.
Finally to delete your token, use the following call:
- Endpoint:
- About:
-
Delete the specified token.
- Parameters:
-
serviceName * The internal ID of your Logs Data Platform service (string)
tokenId * UUID of your token (string)
Using your tokens
Using your token is no different of using your credentials. You just have to replace your username with the word token and your password with the token (the opposite works too). For example to issue a search against the Graylog API with the token obtained above, you can do the following:
$ curl -u token:kujg9g227qv0123mav3s0q4pra4psqsi5leka6j7lc62qdef58q -XGET "https://<your_cluster>.logs.ovh.com/api/search/universal/relative?query=*&range=300&filter=streams:a123aebc12345623aafd"
Note that you have to replace the stream value in the filter parameter by the Graylog Id of your stream. The Graylog id can be found in the URL of your stream search page in Graylog. This URL has this form:
https://gra2.logs.ovh.com/streams/5ab52dc43ce3010451deacd1/search
The value 5ab52dc43ce3010451deacd1 is the Graylog Id of your stream.
To issue a search against the OpenSearch API, you also use the same credentials.
$ curl -u token:kujg9g227qv0123mav3s0q4pra4psqsi5leka6j7lc62qdef58q "https://<your_cluster>.logs.ovh.com:9200/your_alias/_search?pretty"
This call will launch a quick search (to retrieve the count and a sample of your documents) against the alias your_alias. Replace the alias by the one you have setup in you Logs Data Platform console. Note that these credentials are usable in place of your account credentials in Grafana (or any tool that supports Basic Authentication with OpenSearch).
The only place you cannot use your token is the Graylog Web Interface.
Go further
- Getting Started: Quick Start
- Documentation: Guides
- Community hub: https://community.ovh.com
- Create an account: Try it!
Did you find this guide useful?
Please feel free to give any suggestions in order to improve this documentation.
Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.
Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.
Thank you. Your feedback has been received.