Explore documentation
  1. Welcome to Telemetry👋
  2. Quick start guide
  3. Log libraries
    1. Programming languages
    2. Cloud platforms
    3. Web servers & Load balancers
    4. Operating systems
    5. Databases & Message queues
    6. Containers & Clusters
    7. HTTP REST API
  4. Metrics
    1. Vector (Recommended)
    2. Prometheus (push)
    3. Prometheus (scrape)
    4. Datadog Agent
    5. OpenTelemetry
  5. Log Forwarding
    1. Vector (Recommended)
    2. Fluent Bit
    3. Logstash
    4. Fluentd
    5. Filebeat
    6. Syslog
  6. Dashboards
    1. Getting started
    2. Converting logs to metrics
    3. SQL queries
    4. Simplified PromQL
    5. Alerts
    6. How do we bill for metrics?
    7. Transforming with JavaScript
  7. Using Logs
    1. Querying data in Better Stack
    2. String + JSON format
    3. Formatting logs
    4. Live tail query language
    5. Explore logs with SQL
    6. AWS S3-compatible archive
  8. Telemetry API
    1. Get started with Telemetry API
    2. Sources API
    3. Metrics API
    4. Query API
      1. Live tail GET
      2. Explore logs GET
      3. Dashboards GET

Explore logs Query API

Run Explore logs queries with an HTTP API.

Follow redirects

Make sure to follow redirects when using this API.
For example, use the -L option with curl.

GET https://telemetry.betterstack.com/api/v2/query/explore-logs

Query parameters

source_ids
required string

Numberic value; Comma-separated list of sources you want to query.

query
required string

Filter logs with a SQL query. Use the same Log SQL you would in Explore logs. Read more about Explore logs with SQL.

from
string

Start of time range for the SQL query (ISO8601-formatted string: 2022-07-19T13:32:56+0000). Default: 30 minutes before to. If to is not specified then 30 minutes ago.

to
string

End of time range for the SQL query (ISO8601-formatted string: 2022-07-19T13:32:56+0000). Default: 30 minutes after from. If from is not specified then current time.

Headers

Authorization
required string

Bearer $TOKEN

200

Returned rows in JSONEachRow format

Response body

{"time":"2024-07-01 05:50:00","message":"Hello, world!"}
{"time":"2024-06-30 00:00:00","message":"Hello, you!"}
{"time":"2024-06-30 00:00:00","message":"Hello, me!"}

Example cURL

Example
curl -L --request GET \
  --header "Authorization: Bearer $TOKEN" \
  --data-urlencode "source_ids=$SOURCE_ID" \
  --data-urlencode "query=SELECT {{time}} as time, JSONExtract(json, 'level', 'Nullable(String)') AS level FROM {{source}} WHERE time BETWEEN {{start_time}} AND {{end_time}}" \
  https://telemetry.betterstack.com/api/v2/query/explore-logs

Adjusting the response format

By default rows are returned in the ClickHouse JSONEachRow format, you can change this by adding a FORMAT clause to you query.

See the ClickHouse documentation for more information.

Previous article

Live tail Query API

Next article

Dashboards Query API