Collector API Methods and Examples
The Collector Management API gives you the ability to manage Collectors and Sources from HTTP endpoints.
Collector Management APIs are not yet built with OpenAPI specifications and therefore not included in our Swagger docs. Instead, refer to the below documentation.
Before You Begin
You need the Manage or View Collectors role capability to manage or view Collection configurations.
See the following topics for additional information:
- API Authentication for information on API authentication options.
- Sumo Logic Endpoints for a list of API endpoints to use to connect your API client to the Sumo Logic API.
- Use JSON to Configure Sources for a description of Source parameters.
- View or Download Collector or Source JSON Configuration for instructions on viewing or downloading the current JSON configuration file for a collector or source from the web application.
- Troubleshooting APIs
There is a community-supported script available on GitHub that allows you to conduct bulk actions to Collectors. See Collector Management Script.
To determine which Sumo Logic API endpoint you should use, find the deployment pod referenced in your browser's Sumo Logic service URL.
If you see https://service.us2.sumologic.com
, for example, that means you're running on the US2 pod and need to use the API endpoint https://api.us2.sumologic.com/api/
. For the service URL https://service.eu.sumologic.com
, you'd need to use the API endpoint https://api.eu.sumologic.com/api/
, and so on. The only exception is the US1 pod (https://service.sumologic.com
), which uses the API endpoint https://api.sumologic.com/api/
.
To view all available endpoints, see Sumo Logic Endpoints.
Collector API Methods and Examples
The Collector Management API allows you to manage Collectors and Sources from an HTTP endpoint. This topic describes the Collector API parameters, methods, and lists error codes.
Rate limiting
- A rate limit of four API requests per second (240 requests per minute) applies to all API calls from a user.
- A rate limit of 10 concurrent requests to any API endpoint applies to an access key.
If a rate is exceeded, a rate limit exceeded 429 status code is returned.
Response fields
The following table lists the API response fields for installed and hosted Collectors.
Parameter | Type | Required? | Default | Description | Access |
alive | Boolean | Yes | When a Collector is running it sends Sumo a heartbeat message every 15 seconds. If no heartbeat message is received after 30 minutes this becomes false . | Transient | |
category | String | No | Null | The Category of the Collector, used as metadata when searching data. | Modifiable |
collectorType | String | The Collector type: Installable or Hosted | Not modifiable | ||
collectorVersion | String | Yes | Version of the Collector software installed. | Transient | |
cutoffRelativeTime | String | No | Can be specified instead of cutoffTimestamp to provide a relative offset with respect to the current time. Example: use "-1h" , "-1d" , or "-1w" to collect data that's less than one hour, one day, or one week old, respectively. | Not modifiable | |
cutoffTimestamp | Long | No | 0 (collects all data) | Only collect data from files with a modified date more recent than this timestamp, specified as milliseconds since epoch | Modifiable |
description | String | No | Null | Description of the Collector. | Modifiable |
ephemeral | Boolean | Yes | When true, the collector will be deleted after 12 hours of inactivity. For more information, see Setting a Collector as Ephemeral. | Modifiable | |
fields | JSON Object | No | JSON map of key-value fields (metadata) to apply to the Collector. To assign an Ingest Budget to the Collector use the field _budget with the Field Value of the Ingest Budget to assign. For example, if you have a budget with a Field Value of Dev_20GB , you would add:
| Modifiable | |
hostName | String | No | Null | Host name of the Collector. The hostname can be a maximum of 128 characters. | Modifiable |
id | Long | Yes | Identifier | Not modifiable | |
lastSeenAlive | Long | No | The last time the Sumo Logic service received an active heartbeat from the Collector, specified as milliseconds since epoch. | Transient | |
name | String | Yes | Name of the Collector. It must be unique on your account. | Modifiable | |
sourceSyncMode | String | No | UI | For installed Collectors, whether the Collector is using local source configuration management (using a JSON file), or cloud management (using the UI ) | Modifiable To assign to |
timeZone | String | No | Null | Time zone of the Collector. For a list of possible values, refer to the "TZ" column in this Wikipedia article. | Modifiable |
targetCpu | Long | No | Null | When CPU utilization exceeds this threshold, the Collector will slow down its rate of ingestion to lower its CPU utilization. Currently only Local and Remote File Sources are supported. The value must be expressed as a whole number percentage. The collector will adjust resources to attempt to limit the CPU usage to at most 20%. For more information, see Set the Collector CPU Usage Target. | Modifiable |
The following table lists additional response fields for Installed Collectors only.
Parameter | Type | Required? | Description | Access |
osName | String | Yes | Name of OS that Collector is installed on. | Not modifiable |
osVersion | String | Yes | Version of the OS that Collector is installed on. | Not modifiable |
osArch | Yes | Architecture of the OS that Collector is installed on. | Not modifiable | |
osTime | Long | Yes | Time that the Collector has been running, in milliseconds. | Not modifiable |
GET methods
List Collectors
Get a list of Collectors with an optional limit and offset.
Method: GET Path: /collectors
Parameter | Type | Required? | Default | Description |
filter | String | No | All Collectors | Filter the Collectors returned using one of the available filter types:installed , hosted , dead , or alive . |
limit | Integer | No | 1000 | Max number of Collectors to return. |
offset | Integer | No | 0 | Offset into the list of Collectors. |
Example
In this example, setting limit=10
limits the responses to 10.
Request:
curl -u '<accessId>:<accessKey>' -X GET https://api.sumologic.com/api/v1/collectors?limit=10
Response:
{
"collectors":[
{
"id":2,
"name":"OtherCollector",
"collectorType":"Installable",
"alive":true,
"links":[
{
"rel":"sources",
"href":"/v1/collectors/2/sources"
}
],
"collectorVersion":"19.33-28",
"ephemeral":false,
"description":"Local Windows Collection",
"osName":"Windows 7",
"osArch":"amd64",
"osVersion":"6.1",
"category":"local"
},
...
]
}
List Offline Collectors
Get a list of Installed Collectors last seen alive before a specified number of days with an optional limit and offset.
Method: GET Path: /collectors/offline
Parameter | Type | Required? | Default | Description |
aliveBeforeDays | Integer | No | 100 | Minimum number of days the Collectors have been offline. Must be at least 1 day. |
limit | Integer | No | 1000 | Max number of Collectors to return. |
offset | Integer | No | 0 | Offset into the list of Collectors. |
Example
In this example, setting aliveBeforeDays=10
returns a list of Installed Collectors that have been offline for at least 10 days.
Request:
curl -u '<accessId>:<accessKey>' -X GET https://api.sumologic.com/api/v1/collectors/offline?aliveBeforeDays=10
Response:
{
"collectors":[{
"id":101622144,
"name":"My Installed Collector",
"timeZone":"Etc/UTC",
"fields":{
"_budget":"test_budget"
},
"links":[{
"rel":"sources",
"href":"/v1/collectors/101622144/sources"
}],
"ephemeral":false,
"targetCpu":-1,
"sourceSyncMode":"UI",
"collectorType":"Installable",
"collectorVersion":"19.162-12",
"osVersion":"10.12.6",
"osName":"Mac OS X",
"osArch":"x86_64",
"lastSeenAlive":1521143016128,
"alive":false
}]
}
Get Collector by ID
Get the Collector with the specified Identifier.
Method: GET Path: /collectors/[id]
Parameter | Type | Required? | Default | Description |
id | Integer | Yes | NA | Unique identifier of the Collector. |
Example
This example gets the Collector with an ID of 25.
Request:
curl -u '<accessId>:<accessKey>' -X GET https://api.sumologic.com/api/v1/collectors/25
Response:
{
"collector":{
"id":25,
"name":"dev-host-1",
"timeZone":"UTC",
"ephemeral":false,
"sourceSyncMode":"Json",
"collectorType":"Installable",
"collectorVersion":"19.162-12",
"osVersion":"3.13.0-92-generic",
"osName":"Linux",
"osArch":"amd64",
"lastSeenAlive":1471553524302,
"alive":true
}
}
Get Collector by Name
Method: GET Path: /collectors/name/[name]
Parameter | Type | Required? | Default | Description |
name | String | Yes | NA | Name of the Collector. |
Rules
- Names with special characters are not supported, such as
;
/
%
\
even if they are URL encoded. - Spaces in names are supported when they are URL encoded. A space character URL encoded is
%20
. For example, a Collector namedStaging Area
would be encoded ashttps://api.sumologic.com/api/v1/collectors/name/Staging%20Area
. - Names with a period
.
need to have a trailing forward slash/
at the end of the request URL. For example, a Collector namedStaging.Area
should be provided ashttps://api.sumologic.com/api/v1/collectors/name/Staging.Area/
.
Example
This example gets the Collector with the name test.
Request:
curl -u '<accessId>:<accessKey>' -X GET https://api.sumologic.com/api/v1/collectors/name/test
Response:
{
"collector":{
"id":31,
"name":"test",
"timeZone":"UTC",
"ephemeral":false,
"sourceSyncMode":"Json",
"collectorType":"Installable",
"collectorVersion":"19.162-12",
"osVersion":"3.13.0-92-generic",
"osName":"Linux",
"osArch":"amd64",
"lastSeenAlive":1471553524302,
"alive":true
}
}
POST methods
Create Hosted Collector
Use the POST method with a JSON file to create a new Hosted Collector. The required parameters can be referenced in the Response fields table above. Note that "id" field should be omitted when creating a new Hosted Collector.
This method can only be used to create Hosted Collectors. You must install a Collector manually to create an Installed Collector.
Method: POST Path: /collectors
Example
This example creates a new Hosted Collector using the parameters in the JSON file.
Request:
curl -u '<accessId>:<accessKey>' -X POST -H "Content-Type: application/json" -T hosted_collector.json https://api.sumologic.com/api/v1/collectors
Request JSON (hosted_collector.json):
{
"collector":{
"collectorType":"Hosted",
"name":"My Hosted Collector",
"description":"An example Hosted Collector",
"category":"HTTP Collection",
"fields": {
"_budget":"test_budget"
}
}
}
Response:
{
"collector":{
"id":102087219,
"name":"My Hosted Collector",
"description":"An example Hosted Collector",
"category":"HTTP Collection",
"timeZone":"UTC",
"fields":{
"_budget":"test_budget"
},
"links":[{
"rel":"sources",
"href":"/v1/collectors/102087219/sources"
}],
"collectorType":"Hosted",
"collectorVersion":"",
"lastSeenAlive":1536618284387,
"alive":true
}
PUT methods
Update a Collector
Use the PUT method with your JSON file to update an existing Collector. Available parameters can be referenced in the Response fields table above. The JSON request file must specify values for all required fields. Not modifiable fields must match their current values in the system. This is in accordance with HTTP 1.1 RFC-2616 Section 9.6.
Updating a Collector also requires the "If-Match" header to be specified with the "ETag" provided in the headers of a previous GET request.
Method: PUT Path: /collectors/[id]
Parameter | Type | Required? | Default | Description |
id | Integer | Yes | NA | ID of the Collector. |
Example
This example changes the Collector to set the parameter "ephemeral" to true.
First, use a GET request with -v flag to obtain the "ETag" header value.
Initial GET Request:
curl -v -u '<accessId>:<accessKey>' -X GET https://api.sumologic.com/api/v1/collectors/15
Initial GET
Response:
< HTTP/1.1 200 OK
< ETag: "f58d12c6986f80d6ca25ed8a3943daa9"
...
{
"collector":{
"id":15,
"name":"dev-host-1",
"timeZone":"UTC",
"ephemeral":false,
"sourceSyncMode":"Json",
"collectorType":"Installable",
"collectorVersion":"19.162",
"osVersion":"3.13.0-92-generic",
"osName":"Linux",
"osArch":"amd64",
"lastSeenAlive":1471553974526,
"alive":true
}
* Connection #0 to host api.sumologic.com left intact
Next, modify the Collector's JSON attributes as needed (in this example, setting "ephemeral" to "true"), and use a PUT request, passing the "ETag" value obtained above with the "If-Match" header.
Request:
curl -u '<accessId>:<accessKey>' -X PUT -H "Content-Type: application/json" -H "If-Match: \"f58d12c6986f80d6ca25ed8a3943daa9\"" -T updated_collector.json https://api.sumologic.net/api/v1/collectors/15
Request JSON (updated_collector.json):
{
"collector":{
"id":15,
"name":"dev-host-1",
"timeZone":"UTC",
"ephemeral":true,
"sourceSyncMode":"Json",
"collectorType":"Installable",
"collectorVersion":"19.162",
"osVersion":"3.13.0-92-generic",
"osName":"Linux",
"osArch":"amd64",
"lastSeenAlive":1471553974526,
"alive":true
}
}
Response:
{
"collector":{
"id":15,
"name":"dev-host-1",
"timeZone":"UTC",
"ephemeral":true,
"sourceSyncMode":"Json",
"collectorType":"Installable",
"collectorVersion":"19.162",
"osVersion":"3.13.0-92-generic",
"osName":"Linux",
"osArch":"amd64",
"lastSeenAlive":1471554424736,
"alive":true
}
}
DELETE methods
28
Delete Collector by ID
Use the DELETE method to delete an existing Collector.
Method: DELETE Path: /collectors/[id]
Parameter | Type | Required? | Default | Description |
id | Integer | Yes | NA | Unique identifier of the Collector. |
This example deletes the Collector with ID 15.
Request:
curl -u '<accessId>:<accessKey>' -X DELETE https://api.sumologic.com/api/v1/collectors/15
Response: There will be no response body, only a 200 OK response code.
Delete Offline Collectors
Delete Installed Collectors last seen alive before a specified number of days.
Method: DELETE Path: /collectors/offline
Parameter | Type | Required? | Default | Description |
aliveBeforeDays | Integer | No | 100 | The minimum number of days the Collectors have been offline. Must be at least 1 day. |
Example
In this example, setting aliveBeforeDays=10
deletes all the Installed Collectors that have been offline for at least 10 days.
Request:
curl -u '<accessId>:<accessKey>' -X DELETE https://api.sumologic.com/api/v1/collectors/offline?aliveBeforeDays=10
Response:
There will be no response body, only a 200 OK response with the message "The delete task has been initiated.". To check the status make GET requests and see if the Collectors have been deleted.
Error Codes and Messages
Code | Message |
BadRequestCollectorId | Request body contains an invalid Collector ID. |
CannotModifyCollector | User is not authorized to modify the specified Collector. |
CollectorDescriptionTooLong | Maximum description length is 1024 characters. |
CollectorNameTooLong | Maximum name length is 128 characters. |
createValidationError | The specified ID is invalid. |
DuplicateResourceName | A resource with the same name already exists. |
InvalidCollector | The specified Collector ID is invalid. |
InvalidCollectorType | Invalid Collector type for the requested operation. |