VAST Rest API ("0.1")
Download OpenAPI specification:Download
This API can be used to interact with a VAST Node in a RESTful manner.
All API requests must be authenticated with a valid token, which must be
supplied in the X-VAST-Token request header. The token can be generated
on the command-line using the vast rest generate-token command.
Create new query
Create a new export query in VAST
Authorizations:
query Parameters
| query required | string Example: query=:ip in 10.42.0.0/16 | head 100 The query used, optionally including an open pipeline. |
| ttl | string Example: ttl=5.0m The time after which a query is cancelled. Use the /query/:id/next endpoint to refresh the TTL. To refresh the TTL without requesting further events, request zero events. |
| expand | boolean Whether to use the expanded output schema. |
| flatten | boolean Default: false Flatten nested elements in the response data. |
| omit-nulls | boolean Default: false Omit null elements in the response data. |
| numeric-durations | boolean Default: false Render durations as numeric values. |
Responses
Response samples
- 200
{- "id": "c91019bf-21fe-4999-8323-4d28aeb111ab"
}Get additional query results
Return n additional results from the specified query.
Authorizations:
path Parameters
| id required | string Example: e84308a2-1ba4-4559-9e0f-597dfea4fd3e The query ID. |
query Parameters
| n | integer Example: n=10 Maximum number of returned events |
Responses
Response samples
- 200
{- "events": [
- {
- "schema-ref": "foobarbaz",
- "data": {
- "ts": "2009-11-18T22:11:04.011822",
- "uid": "iKxhjl8i1n3",
- "id": {
- "orig_h": "192.168.1.103"
}
}
}, - {
- "schema-ref": "foobarbaz",
- "data": {
- "ts": "2009-11-18T22:11:04.011822",
- "uid": "iKxhjl8i1n3",
- "id": {
- "orig_h": "192.168.1.103"
}
}
}
], - "schemas": [
- {
- "schema-ref": "foobarbaz",
- "definition": "<type-definition>"
}
]
}Return current status
Returns the current status of the whole node.
Authorizations:
query Parameters
| component | string Example: component=index If specified, return the status for that component only. |
| verbosity | string Default: "info" Enum: "info" "detailed" "debug" Example: verbosity=detailed The verbosity level of the status response. |
Responses
Response samples
- 200
{- "catalog": {
- "num-partitions": 7092,
- "memory-usage": 52781901584
}, - "version": {
- "VAST": "v2.3.0-rc3-32-g8529a6c43f"
}
}