qryn API
The qryn API is polyglot and supports many routes and formats to make it easy for you to use existing agents and log routes. Generally, qryn uses 3 distinct data types, supporting many input and output formats for each.
- logs (logfmt, json, syslog, text, elastic, datadog)
- traces (zipkin, tempo, otlp)
- metrics (prometheus, influx write)
For additional information about supported Endpoints, please also go here
Writing data
The following incoming routes exist, with each data format expressed as a JSON structure:
API Endpoint | Dataformat Type | Description |
---|---|---|
/loki/api/v1/push | Logql Format | Intended for String Logs |
/{{target}}/_doc | JSON Object | Intended for JSON objects; {{target}} is to be replaced with a label, e.g. app_logs |
/api/v2/logs | Datadog Format | To receive datadog agent logs |
/influx/api/v2/write | Influx Format | Use this with influx-compatible senders |
/tempo/api/push | Tempo Format Spans | Send Tempo compatible trace spans to this endpoint |
/api/v2/spans | Zipkin Format Spans | Send Zipkin compatible trace spans to this endpoint |
/v1/traces | OTLP Format Spans | Send OTLP compatible spans to this endpoint |
LogQL Format
This is the simplest format to use, whether you cover log observability with something like vector or grafana agents, or send logs directly to the API from code.
Send as stringified JSON as the body of the POST request:
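```javascript
// Body of the POST request to /loki/api/v1/push, sent as stringified JSON
const body = JSON.stringify({
  streams: [
    {
      // Labels: indexed and searchable
      stream: {
        label: 'labelValue',
        numericalLabel: '1'
      },
      // Each entry: [timestamp in nanoseconds as a string, log line]
      values: [
        [(Date.now() * 1000000).toString(), 'example=logfmt key=value']
      ]
    }
  ]
});
```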
Labels will be indexed and logs are searchable through them, whilst the values array is not indexed. The timestamp is a string in nanoseconds.
JSON Objects Format
The Elastic API simply expects a stringified JSON object inside the body of the POST request. The :target path segment ({{target}} in the table above) is used to set the label.
Datadog Format
The Datadog API supports receiving the Datadog Agent format.
Additional Formats
qryn is polyglot to bring together many different agents and producers. Please refer to their documentation for these formats. If you see a format that you would want to use, but is not present in this documentation, please ping support to let us know.
Reading data
Use compatible clients to read each of the respective APIs or consume the data directly.
Usually you will want to use label retrieval calls to see available labels in your data, then use logql / promql queries to retrieve data inside those labels.
API Endpoint | Type | Description |
---|---|---|
/loki/api/v1/label?start=millisecondTimestamp&end=millisecondTimestamp | logql | Receive a list of labels between start and end timestamp |
/loki/api/v1/query_range?query={label="value"}&start=milliseconds&end=milliseconds | logql | Receive the result of the specified query |
/api/v1/labels?start=millisecondTimestamp&end=millisecondTimestamp | promql | Receive a list of labels between start and end timestamp |
/api/v1/label/{{label_name}}/values?start=millisecondTimestamp&end=millisecondTimestamp | promql | Receive the values of a specific {{label}} to use for queries |
/api/v1/query_range?query=query_string{valid="promQlQuery"}&start=millisecondTimestamp&end=millisecondTimestamp | promql | Receive the result of the specified query |
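The following is an added example, not code from the qryn project. It builds a push body for /loki/api/v1/push and a /loki/api/v1/query_range path from untrusted label values, escaping them so a value cannot break out of the LogQL selector or the URL. The helper names are hypothetical, and the label-name pattern is an assumption based on the Prometheus/Loki naming convention.

```javascript
// Assumption: label names follow the Prometheus/Loki convention.
const LABEL_NAME = /^[a-zA-Z_][a-zA-Z0-9_]*$/;

// Millisecond epoch -> nanosecond string; BigInt keeps every digit exact.
function toNanos(ms) {
  return (BigInt(ms) * 1000000n).toString();
}

// Stringified body for POST /loki/api/v1/push.
function buildPushBody(labels, lines, ms) {
  const stream = {};
  for (const [name, value] of Object.entries(labels)) {
    if (!LABEL_NAME.test(name)) throw new Error(`invalid label name: ${name}`);
    stream[name] = String(value); // label values are sent as strings
  }
  const ts = toNanos(ms);
  return JSON.stringify({ streams: [{ stream, values: lines.map((l) => [ts, l]) }] });
}

// Quote a value for a LogQL selector: escape backslash, double quote, newline.
function quoteValue(value) {
  const escaped = String(value)
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .replace(/\n/g, '\\n');
  return `"${escaped}"`;
}

// Path and query string for GET /loki/api/v1/query_range (start/end in ms).
function buildQueryRangePath(labels, startMs, endMs) {
  const matchers = Object.entries(labels).map(([name, value]) => {
    if (!LABEL_NAME.test(name)) throw new Error(`invalid label name: ${name}`);
    return `${name}=${quoteValue(value)}`;
  });
  const params = new URLSearchParams({
    query: `{${matchers.join(',')}}`,
    start: String(startMs),
    end: String(endMs),
  });
  return `/loki/api/v1/query_range?${params}`;
}

// Constructed sample input.
const sampleBody = buildPushBody(
  { label: 'labelValue', numericalLabel: 1 },
  ['example=logfmt key=value'],
  1700000000123
);
const samplePath = buildQueryRangePath({ label: 'value' }, 1000, 2000);
```
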