Return data from a pipeline
POST /serve
Returns events from an existing pipeline. The pipeline definition must include a serve operator. By default, the endpoint performs long polling (timeout: 5s) and returns events as soon as they are available (min_events: 1).
Authorizations
Request Body required
Body for the serve endpoint
object
The id that was passed to the serve operator.
query1The continuation token that was returned with the last response. For the initial request this is null.
340ce2jThe maximum number of events returned.
1024Wait for this number of events before returning.
1The maximum amount of time spent on the request. Hitting the timeout is not an error. The timeout must not be greater than 10 seconds.
200msResponses
200
Success.
object
A token to access the next pipeline data batch, null if the pipeline is completed.
340ce2jThe state of the corresponding pipeline at the time of the request. One of running, completed, or failed.
runningThe schemas that the served events are based on.
object
The unique schema identifier.
The schema definition in JSON format.
object
[ { "schema_id": "c631d301e4b18f4", "definition": [ { "name": "tenzir.summarize", "kind": "record", "type": "tenzir.summarize", "attributes": {}, "path": [], "fields": [ { "name": "severity", "kind": "string", "type": "string", "attributes": {}, "path": [ 0 ], "fields": [] }, { "name": "pipeline_id", "kind": "string", "type": "string", "attributes": {}, "path": [ 1 ], "fields": [] } ] } ] }]The served events.
object
The unique schema identifier.
The actual served data in JSON format.
object
[ { "schema_id": "c631d301e4b18f4", "data": { "timestamp": "2023-04-26T12:00:00Z", "schema": "zeek.conn", "schema_id": "ab2371bas235f1", "events": 50 } }, { "schema_id": "c631d301e4b18f4", "data": { "timestamp": "2023-04-26T12:05:00Z", "schema": "suricata.dns", "schema_id": "cd4771bas235f1", "events": 50 } }]400
Invalid arguments.
object
The error message.
Invalid arguments