logzio-public-api.yaml

swagger: '2.0'
schemes: [ https ]
host: api.logz.io
basePath: /v1
produces: [ application/json ]
consumes: [ application/json ]
info:
  description: >-
    ## Introduction

    This API is documented using the **OpenAPI 2.0** specification. You can browse the API documentation on this page, or you can download the specification file.

    #### Updates and improvements

    We update this document regularly to reflect changes and improvements to the Logz.io API. If you'd like to suggest corrections or improvements to this document, please email us at [help@logz.io](mailto:help@logz.io) or submit a ticket in the GitHub repository.

    # Authentication

    The Logz.io API is available to Enterprise plan subscribers. You can create new tokens in your [account settings](https://app.logz.io/#/dashboard/settings/manage-accounts_). You can also set and revoke API permissions at any time.

    If you don't have an Enterprise account, we encourage you to sign up for a [free trial](https://logz.io/signup/freetrial.php).

    <!-- ReDoc-Inject: <security-definitions> -->

    # Rate limiting

    API call and response rates are limited per individual account. To find out your rate limits or to make changes to your account plan, please email [our Support team](mailto:help@logz.io).


  version: v1
  title: Logz.io API
  termsOfService: 'https://logz.io/about-us/terms-of-use/'
  contact:
    email: help@logz.io
    url: https://logz.io/
  license:
    name: Apache 2.0
    url: 'http://www.apache.org/licenses/LICENSE-2.0.html'

securityDefinitions:
  X-API-TOKEN:
    description: You can manage your tokens in your Logz.io account settings. Tokens are tied to individual accounts, including sub accounts. Tokens carry privileges to make changes to users and accounts, so it's important to keep your tokens secure.
    type: apiKey
    in: header
    name: X-API-TOKEN
  X-USER-TOKEN:
    description: The `/search` API endpoint uses the native Elasticsearch API and authenticates with the `X-USER-TOKEN`. `X-USER-TOKEN` is identical to `X-API-TOKEN` in usage. It can be any of the tokens that you manage in your Logz.io account.
    type: apiKey
    in: header
    name: X-USER-TOKEN
security:
  - X-API-TOKEN: []

tags:
  - name: Manage sub accounts
    description: Use these API requests to create, update, retrieve, or delete sub accounts.
  - name: Search logs
    description: >-
      Use the Elasticsearch Search API DSL query language to search your Logz.io data. 
      
      
      To ensure system performance and data availability, we've introduced some limitations to the original Elasticsearch specification. These limitations are detailed in the applicable API calls below.
  - name: Retrieve audit trail
  - name: Manage CloudTrail links
  - name: Manage notification endpoints
  - name: Import or export Kibana objects
  - name: Manage shared tokens
  - name: Logz.io snapshots
  - name: Manage users

x-tagGroups:
  - name: Log monitoring
    tags:
      - Search logs
      - Logz.io snapshots
  - name: Account administration
    tags:
      - Manage users
      - Manage sub accounts
      - Manage shared tokens
      - Manage notification endpoints
      - Import or export Kibana objects
  - name: Data security
    tags:
      - Retrieve audit trail
      - Manage shared tokens
      - Manage users
  - name: AWS security and audit
    tags:
      - Manage CloudTrail links

paths:
  # ::::: ACCOUNTS
  /account-management/time-based-accounts:
    get:
      summary: Retrieve all sub accounts
      description: Returns a list of sub accounts as an array of JSON objects.
      tags:
        - Manage sub accounts
      operationId: getAll
      responses:
        200:
          description: successful operation
          schema:
            type: array
            items:
              $ref: '#/definitions/TimeBasedAccount'
      x-code-samples:
      - lang: cURL
        source: 'curl --request GET --url "https://api.logz.io/v1/account-management/time-based-accounts" --header "X-API-TOKEN: <token>"'
    post:
      summary: Create a sub account
      description: Creates a new time-based sub account.
      tags:
        - Manage sub accounts
      operationId: createTimeBasedAccount
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/TimeBasedAccountUpsertRequest'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/TimeBasedAccountCreationResponse'
      x-code-samples:
      - lang: cURL
        source: >-
          curl -X POST \
            "https://api.logz.io/v1/account-management/time-based-accounts" \
            -H "accept: application/json" -H "content-type: application/json" \
            -H "X-API-TOKEN: <token>" \
            -d '{
            "email": "help@logz.io",
            "accountName": "AWS Lambda svr 3",
            "maxDailyGB": 5,
            "retentionDays": 5,
            "searchable": true,
            "accessible": false,
            "sharingObjectsAccounts": [
              48672,
              36259
            ],
            "docSizeSetting": true,
            "utilizationSettings": {
              "frequencyMinutes": 5,
              "utilizationEnabled": true
            }
            }'
  /account-management/time-based-accounts/detailed:
    get:
      summary: Retrieve detailed information on all sub accounts
      description: Retrieves all time-based sub accounts, returned as an array of objects. Each sub account is its own object.
      tags:
        - Manage sub accounts
      operationId: getAllDetailedTimeBasedAccount
      responses:
        200:
          description: successful operation
          schema:
            type: array
            items:
              $ref: '#/definitions/DetailedTimeBasedAccount'
      x-code-samples:
      - lang: cURL
        source: 'curl -X GET "https://api.logz.io/v1/account-management/time-based-accounts/detailed" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
  /account-management/time-based-accounts/detailed/{id}:
    get:
      summary: Retrieve detailed account information by ID
      description: Using account ID, returns detailed account information.
      tags:
        - Manage sub accounts
      operationId: getDetailedTimeBasedAccount
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the account to retrieve
          x-example: 99999
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/DetailedTimeBasedAccount'
      x-code-samples:
      - lang: cURL
        source: 'curl -X GET "https://api.logz.io/v1/account-management/time-based-accounts/detailed/99999" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
  /account-management/time-based-accounts/{id}:
    get:
      summary: Retrieve sub account by ID
      description: Returns account information and configuration as a JSON object.
      tags:
        - Manage sub accounts
      operationId: get
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the account to retrieve
          x-example: 99999
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/TimeBasedAccount'
      x-code-samples:
      - lang: cURL
        source: 'curl -X GET "https://api.logz.io/v1/account-management/time-based-accounts/99999" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
    put:
      summary: Update a sub account
      tags:
        - Manage sub accounts
      operationId: updateTimeBasedAccount
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the account to update
          x-example: 99999
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/TimeBasedAccountUpsertRequest'
      responses:
        204:
          description: successful operation
      x-code-samples:
      - lang: cURL
        source: >-
          curl -X PUT \
          "https://api.logz.io/v1/account-management/time-based-accounts/88888" \
          -H "accept: application/json" -H "content-type: application/json" \
          -H "X-API-TOKEN: <token>" \
          -d "{
            \"email\": \"help@logz.io\",
            \"accountName\": \"AWS Lambda svr 3\",
            \"maxDailyGB\": 5,
            \"retentionDays\": 5,
            \"searchable\": true,
            \"accessible\": false,
            \"sharingObjectsAccounts\": [
                55555
            ],
            \"docSizeSetting\": true,
            \"utilizationSettings\": {
              \"frequencyMinutes\": 5,
              \"utilizationEnabled\": true
            }
          }"
    delete:
      summary: Delete a sub account
      description: Using an account ID, deletes a sub account.
      tags:
        - Manage sub accounts
      operationId: deleteTimeBasedAccount
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the account to delete
          x-example: 99999
      responses:
        204:
          description: successful operation
      x-code-samples:
        - lang: cURL
          source: 'curl -X DELETE "https://api.logz.io/v1/account-management/time-based-accounts/88888" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'

  # ::::: SEARCH, SCROLL
  /search:
    post:
      security: 
        - X-USER-TOKEN: []
      operationId: search
      summary: Search logs
      description: >-
        Searches your account data using the Elasticsearch [Search API DSL](https://www.elastic.co/guide/en/elasticsearch/reference/5.x/search.html) query language. 


        **Note:** To ensure speed and availability of your logs, we've restricted some options from the Elasticsearch defaults that could hamper system performance. Restrictions are described with their respective elements below.
      tags:
        - Search logs
      parameters:
        - in: body
          name: body
          required: true
          schema:
            type: object
            required:
              - query
            properties:
              query:
                type: object
                description: >-
                  #### Limitations

                  * Your query will run only on data sent today and yesterday. You can still specify a filter on `timestamp` to search a smaller time frame.

                  * When using `query_string`, `allow_leading_wildcard` must be set to `false`

                  * `wildcard` cannot start with `*` or `?`

                  * Cannot contain `fuzzy_max_expansions`, `max_expansions`, or `max_determinized_states`
              from:
                type: integer
                minimum: 0
                default: 0
                description: Of the results found, the first result to return
                example: 10
              size:
                type: integer
                description: Number of results to return
                default: 10
                example: 50
              sort:
                type: array
                description: >-
                  #### Limitations

                  * Cannot sort or aggregate on `message`
                items:
                  type: object
              _source:
                type: array
                description: >-
                  * _Option 1:_ A single item to say whether you want to return the `_source` field.

                  * _Option 2:_ An array of fields to return.
                items:
                  - type: boolean
                    description: To return the `_source` field, `true`. Otherwise, `false`.
                    example: true
                  - type: string
                    description: Fields to return
              post_filter:
                type: object
              aggs:
                type: object
                description: >-
                  #### Limitations

                  * When using the `size` element, the value must be ≤ `1000`

                  * Can't nest 2 or more bucket aggregations of these types: `date_histogram`, `geohash_grid`, `histogram`, `ip_ranges`, `significant_terms`, `terms`

                  * Can't sort or aggregate on the `message` field

                  * Aggregation type `significant_terms` can't be used

                  **Note:** You can use `aggs` or `aggregations` as the field name
                example: '{ \"byType\": { \"terms\": { \"field\": \"type\", \"size\": 5 } } }'
      x-code-samples:
        - lang: cURL
          source: >-
            curl -X POST https://api.logz.io/v1/search \
              -H 'Content-Type: application/json' \
              -H 'X-USER-TOKEN: <token>' \
              -d '{
              "size": 10,
              "query": {
                "bool": {
                  "must": [{
                    "range": {
                      "@timestamp": {
                        "gte": "now-5m",
                        "lte": "now"
                      }
                    }
                  }]
                }
              },
              "aggs": {
                "byType": {
                  "terms": {
                    "field": "type",
                    "size": 5
                  }
                }
              }
            }'
      responses:
        200:
          description: successful query
          schema:
            type: object
            example: '{ "hits": { "total": 339604, "max_score": 0, "hits": [] }, "aggregations": { "byType": { "doc_count_error_upper_bound": 0, "sum_other_doc_count": 44879, "buckets": [ { "key": "web-app", "doc_count": 163690 }, { "key": "core-service", "doc_count": 64893 } ] } } }'
        400:
          description: invalid query
        403:
          description: access forbidden
        429:
          description: rate limit exceeded
        503:
          description: service unavailable

  /scroll:
    post:
      summary: Scroll logs
      tags:
        - Search logs
      description: >-
        Searches your account data using the [Elasticsearch Search API DSL](https://www.elastic.co/guide/en/elasticsearch/reference/5.x/search.html) query language.


        **Note:** To ensure speed and availability of your logs, we've restricted some options from the Elasticsearch defaults that could hamper system performance. Restrictions are described with their respective elements below.
      operationId: scroll
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/ScrollRequest'
      x-code-samples:
        - lang: cURL
          source: >-
            curl -X POST https://api.logz.io/v1/scroll \
              -H 'Content-Type: application/json' \
              -H 'X-API-TOKEN: <token>' \
              -d '{
              "size": 10,
              "query": {
                "bool": {
                  "must": [{
                    "range": {
                      "@timestamp": {
                        "gte": "now-5m",
                        "lte": "now"
                      }
                    }
                  }]
                }
              },
              "aggs": {
                "byType": {
                  "terms": {
                    "field": "type",
                    "size": 5
                  }
                }
              }
            }'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/ScrollResponse'
        400:
          description: invalid query
        403:
          description: access forbidden
        429:
          description: rate limit exceeded
        503:
          description: service unavailable

  # ::::: AUDIT TRAIL
  /audit-trail/event-types:
    post:
      operationId: listAccountAuditTrails
      summary: Retrieve all event types in the audit trail
      description: Returns an array of strings. Each string is an event type that appears in the account's audit trail. Each event type is shown once, no matter how many times it occurs in the acconut's audit trail.
      tags:
        - Retrieve audit trail
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/AuditTrailEventTypesResponse'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/audit-trail/event-types" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
  /audit-trail:
    post:
      operationId: listAccountAuditTrailsFiltered
      summary: Retrieve a filtered list of audit trail events
      tags:
        - Retrieve audit trail
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/AuditTrailFilterRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/audit-trail" -H "accept: application/json" -H "X-API-TOKEN: <token>" -H "Content-Type: application/json" -d "{\"from\":20, \"size\":15, \"fromDate\":1520444072192, \"toDate\":1528216472192, \"sortDescending\":true, \"includeFiltersData\":true, \"auditEventType\":null, \"auditEventUser\":null}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/AuditTrailFilteredResponse'

  # ::::: CLOUDTRAIL
  /log-shipping/cloudtrails:
    get:
      operationId: getAccountCloudTrails
      summary: Retrieve all CloudTrail links
      description: >-
        Returns a list of CloudTrail links attached to your Logz.io account


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage CloudTrail links
      responses:
        200:
          description: successful operation
          schema:
            type: array
            items:
              $ref: '#/definitions/CloudTrailResponse'
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/log-shipping/cloudtrails" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
    post:
      operationId: createCloudTrail
      summary: Create a CloudTrail link
      description: >-
        Creates a new link to your CloudTrail data in an AWS S3 bucket.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage CloudTrail links
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/CloudTrailRequest'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/IdBean'
      x-code-samples:
        - lang: cURL
          source: >-
            'curl -X POST "https://api.logz.io/v1/log-shipping/cloudtrails" \
            -d "{
              \"accessKey\": \"ee07df5801500745419c6dff\",
              \"secretKey\": \"506d891fe2163a511b450eddc3279539f6\",
              \"bucket\": \"LogzioBucket\",
              \"prefix\": \"AWSLogs/7364988021587/myprefix\",
              \"active\": true
            }"'
  /log-shipping/cloudtrails/{id}:
    get:
      operationId: getCloudTrail
      summary: Retrieve a CloudTrail link by ID
      description: >-
        Returns connection information on a single CloudTrail link.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage CloudTrail links
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the CloudTrail link
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/CloudTrailResponse'
    put:
      operationId: updateCloudTrail
      summary: Update a CloudTrail link
      description: >-
        Updates connection information for a CloudTrail link.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage CloudTrail links
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/CloudTrailRequest'
        - name: id
          in: path
          required: true
          type: integer
          format: int32
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/MessageBean'
    delete:
      operationId: deleteCloudTrail
      summary: Delete a CloudTrail link
      description: >-
        Deletes a Logz.io link to CloudTrail.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage CloudTrail links
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/MessageBean'

  # ::::: NOTIFICATION ENDPOINTS
  /endpoints/slack:
    post:
      operationId: createSlack
      summary: Create a Slack endpoint
      tags:
        - Manage notification endpoints
      description: Creates a new Slack notification endpoint or sends a test message to Slack
      parameters:
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/SlackEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/endpoints/slack?test=false" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d \"{  \"title\": \"New Slack endpoint\",  \"description\": \"Sends notifications to #logzio-alerts channel\",  \"url\": \"https://hooks.slack.com/services/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\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/slack/{id}:
    put:
      tags:
        - Manage notification endpoints
      summary: Update Slack endpoint
      description: Updates a Slack notification endpoint or sends a test message to Slack
      operationId: updateSlack
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/SlackEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/endpoints/slack/269?test=false" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{  \"title\": \"Updated Slack endpoint\",  \"description\": \"Sends notifications to #logzio-alerts channel\",  \"url\": \"https://hooks.slack.com/services/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\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/custom:
    post:
      tags:
        - Manage notification endpoints
      summary: Create a custom notification endpoint
      description: Creates a new notification endpoint for a custom integration or sends a test message to the custom endpoint.
      operationId: createCustom
      parameters:
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/CustomEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/endpoints/custom" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{\"title\": \"New custom endpoint\", \"description\": \"Sends notifications to my custom endpoint\", \"url\": \"https://my.custom-endpoint.com\", \"method\": \"POST\", \"headers\": \"authKey=6e30-60a9-3591\", \"bodyTemplate\": {\"subject\": \"Alert from Logz.io\", \"message\": {\"severity\": \"LOW\", \"body\": \"Check Logz.io for log activity\"} }}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/custom/{id}:
    put:
      tags:
        - Manage notification endpoints
      summary: Update a custom notification endpoint
      description: Updates a new notification endpoint for a custom integration or sends a test message to the custom endpoint.
      operationId: updateCustom
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/CustomEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/endpoints/custom/275" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{\"title\": \"Updated custom endpoint\", \"description\": \"Sends notifications to my custom endpoint\", \"url\": \"https://my.custom-endpoint.com/\", \"method\": \"POST\", \"headers\": \"authKey=6e30-60a9-3591\", \"bodyTemplate\": {\"subject\": \"Alert from Logz.io\", \"message\": {\"severity\": \"LOW\", \"body\": \"Check Logz.io for log activity\"} }}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/pager-duty:
    post:
      tags:
        - Manage notification endpoints
      summary: Create a PagerDuty endpoint
      description: Creates a new PagerDuty notification endpoint or sends a test message to PagerDuty.
      operationId: createPagerDuty
      parameters:
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/PagerDutyEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/endpoints/pager-duty" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{  \"title\": \"New PagerDuty endpoint\",  \"description\": \"Sends notifications to PagerDuty\",  \"serviceKey\": \"78c3b6cf0a884a538410fe281227eb0b\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/pager-duty/{id}:
    put:
      tags:
        - Manage notification endpoints
      summary: Update a PagerDuty endpoint
      description: Updates a PagerDuty notification endpoint or sends a test message to PagerDuty
      operationId: updatePagerDuty
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/PagerDutyEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/endpoints/pager-duty/271" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{  \"title\": \"Updated PagerDuty endpoint\", \"description\": \"Sends notifications to PagerDuty\", \"serviceKey\": \"78c3b6cf0a884a538410fe281227eb0b\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/big-panda:
    post:
      tags:
        - Manage notification endpoints
      summary: Create a BigPanda endpoint
      description: Creates a new BigPanda notification endpoint or sends a test message to BigPanda.
      operationId: createBigPanda
      parameters:
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/BigPandaEndpointUpsertRequest'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/endpoints/big-panda" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{  \"title\": \"New BigPanda endpoint\",  \"description\": \"Sends notifications to BigPanda\",  \"apiToken\": \"94ad63254a1397a51a1ae340c4f10890\",  \"appKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
  /endpoints/big-panda/{id}:
    put:
      tags:
        - Manage notification endpoints
      summary: Update a BigPanda endpoint
      description: Updates a BigPanda notification endpoint or sends a test message to BigPanda
      operationId: updateBigPanda
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/BigPandaEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/endpoints/big-panda/272" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{\"title\": \"Updated BigPanda endpoint\", \"description\": \"Sends notifications to BigPanda\", \"apiToken\": \"94ad63254a1397a51a1ae340c4f10890\", \"appKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/data-dog:
    post:
      tags:
        - Manage notification endpoints
      summary: Create a Datadog endpoint
      description: Creates a new Datadog notification endpoint or sends a test message to Datadog.
      operationId: createDataDog
      parameters:
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/DatadogEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/endpoints/data-dog" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{  \"title\": \"New Datadog endpoint\",  \"description\": \"Sends notifications to Datadog\",  \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/data-dog/{id}:
    put:
      tags:
        - Manage notification endpoints
      summary: Update a Datadog endpoint
      description: Updates a Datadog notification endpoint or sends a test message to Datadog
      operationId: updateDataDog
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/DatadogEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "http://endpoints/data-dog/273" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{\"title\": \"Updated Datadog endpoint\", \"description\": \"Sends notifications to Datadog\", \"apiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/victorops:
    post:
      tags:
        - Manage notification endpoints
      summary: Create a VictorOps endpoint
      description: Creates a new VictorOps notification endpoint or sends a test message to VictorOps.
      operationId: createVictorops
      parameters:
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not created. To create the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/VictoropsEndpointUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/endpoints/victorops" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{  \"title\": \"New VictorOps endpoint\",  \"description\": \"Sends notifications to VictorOps\",  \"routingKey\": \"devops\",  \"messageType\": \"WARNING\",  \"serviceApiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
  /endpoints/victorops/{id}:
    put:
      tags:
        - Manage notification endpoints
      summary: Update a VictorOps endpoint
      description: Updates a VictorOps notification endpoint or sends a test message to VictorOps
      operationId: updateVictorops
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
        - name: test
          in: query
          required: false
          type: boolean
          default: false
          description: >-
            To send a test message to the endpoint, `true`. Otherwise, `false`.


            **Note:** If set to `true`, the notification endpoint is not updated. To update the endpoint, you need to send the API request where `test=false`.
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/VictoropsEndpointUpsertRequest'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/EndpointUpsertResponse'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/endpoints/victorops/274" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{\"title\": \"New VictorOps endpoint\", \"description\": \"Sends notifications to VictorOps\", \"routingKey\": \"devops\", \"messageType\": \"WARNING\", \"serviceApiKey\": \"c687f9231619d7d7b959f33e4cc821a5\"}"'
  /endpoints/{id}:
    get:
      tags:
        - Manage notification endpoints
      summary: Retrieve an endpoint by ID
      description: Returns a JSON object representing a notification endpoint configured in the account.
      operationId: getEndpointById
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/endpoints/88" -H "accept: application/json" -H "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/Endpoint'
    delete:
      tags:
        - Manage notification endpoints
      summary: Delete an endpoint
      description: Deletes a notification endpoint
      operationId: deleteEndpoint
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the notification endpoint
      x-code-samples:
        - lang: cURL
          source: 'curl -X DELETE "https://api.logz.io/v1/endpoints/269" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
      responses:
        204:
          description: successful operation
  /endpoints:
    get:
      tags:
        - Manage notification endpoints
      summary: Retrieve all notification endpoints
      description: Returns an array of JSON objects. Each object represents a notification endpoint configured in the account.
      operationId: getAllEndpoints
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/endpoints" -H "accept: application/json" -H "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
          schema:
            type: array
            items:
              $ref: '#/definitions/Endpoint'

  # ::::: KIBANA IMPORT/EXPORT
  /kibana/export:
    post:
      tags:
        - Import or export Kibana objects
      summary: Export Kibana objects
      description: >-
        Exports the configuration of Kibana objects. All objects of a single type (search, visualization, or dashboard) are returned as an array of JSON objects. For example, if you export `visualization`, each visualization is returned as a JSON object.


        You can import objects using the [/kibana/import](#operation/importSavedObjects) endpoint.
      operationId: exportSavedObjects
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/KibanaExportRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/kibana/export" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>" -d "{\"type\": \"visualization\"}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/KibanaExportResponse'
  /kibana/import:
    post:
      tags:
        - Import or export Kibana objects
      summary: Import Kibana objects
      description: Imports Kibana search, visualization, or dashboard objects. You can export objects using the [/kibana/export](#operation/exportSavedObjects) endpoint.
      operationId: importSavedObjects
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/KibanaImportRequest'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/KibanaImportResponse'
      x-code-samples:
        - lang: cURL
          source: >-
            curl -X POST "https://api.logz.io/v1/kibana/import" \
            -H "accept: application/json" -H "content-type: application/json" \
            -H "X-API-TOKEN: <token>" \
            -d "{
              \"kibanaVersion\": \"4.0.0-beta3\",
              \"override\": true,
              \"hits\": [
                {
                  \"_index\": \"logzioCustomerKibanaIndex\",
                  \"_type\": \"search\",
                  \"_id\": \"c245e530-fc60-11e7-b120-5320b1759c57\",
                  \"_score\": 1,
                  \"_source\": {
                    \"title\": \"example-saved-query\",
                    \"description\": \"\",
                    \"hits\": 0,
                    \"columns\": [
                      \"message\"
                    ],
                    \"sort\": [
                      \"@timestamp\",
                      \"desc\"
                    ],
                    \"version\": 1,
                    \"kibanaSavedObjectMeta\": {
                      \"searchSourceJSON\": \"{\"index\":\"[logzioCustomerIndex]YYMMDD\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"example-saved-query\"}},\"filter\":[]}\"
                    },
                    \"_createdBy\": {
                      \"userId\": 1,
                      \"fullName\": \"testadmin@logz.io\",
                      \"username\": \"testadmin@logz.io\"
                    },
                    \"_createdAt\": 1516287816456,
                    \"_updatedBy\": {
                      \"userId\": 1,
                      \"fullName\": \"testadmin@logz.io\",
                      \"username\": \"testadmin@logz.io\"
                    },
                    \"_updatedAt\": 1516287816456
                  }
                }
              ]
            }"


  # ::::: SHARED TOKENS
  /shared-tokens/filters:
    get:
      operationId: getAllFilters
      summary: Retrieve all token filters
      description: >-
        Returns an array of JSON objects, where each object shows information for one token filter.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/shared-tokens/filters" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
          schema:
            type: array
            uniqueItems: true
            items:
              $ref: '#/definitions/QueryFilter'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
    post:
      operationId: createFilter
      summary: Create a token filter
      description: >-
        Creates a new token filter.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/QueryFilter'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/QueryFilter'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
  /shared-tokens/filters/{id}:
    get:
      operationId: getFilter
      summary: Retrieve a token filter by ID
      description: >-
        Returns a token filter as a JSON object.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the token filter
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/shared-tokens/filters/345" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/QueryFilter'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
    delete:
      operationId: deleteFilter
      summary: Delete a token filter
      description: >-
        Deletes a token filter.


        <span style='color: red'>**Warning:**</span> Deleting a token filter can change the behavior of your integrations. As a best practice, test all integrations when updating or deleting shared tokens or filters.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the token filter
      x-code-samples:
        - lang: cURL
          source: 'curl -X DELETE "https://api.logz.io/v1/shared-tokens/filters/345" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
  /shared-tokens/{id}:
    get:
      operationId: getToken
      summary: Retrieve a shared token by ID
      description: >-
        Returns a shared token as a JSON object.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the shared token
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/shared-tokens/1242" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/SharedToken'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
    put:
      operationId: updateToken
      summary: Update a shared token
      description: >-
        Changes the filters attached to a shared token.


        <span style='color: red'>**Warning:**</span> Updating a shared token can change the behavior of your integrations. As a best practice, test all integrations when updating or deleting shared tokens or filters.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/UpdateSharedTokenRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/shared-tokens/1242" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{\"filters\":[339]}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/SharedToken'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
    delete:
      operationId: deleteToken
      summary: Delete a shared token
      description: >-
        Deletes a shared token.


        <span style='color: red'>**Warning:**</span> Deleting a shared token can change the behavior of your integrations. As a best practice, test all integrations when updating or deleting shared tokens or filters.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the shared token
      x-code-samples:
        - lang: cURL
          source: 'curl -X DELETE "https://api.logz.io/v1/shared-tokens/1250" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
      responses:
        204:
          description: successful operation
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
  /shared-tokens:
    get:
      operationId: getAllTokens
      summary: Retrieve all shared tokens
      description: >-
        Returns an array of JSON objects, where each object shows information for one token.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      responses:
        200:
          description: successful operation
          schema:
            type: array
            uniqueItems: true
            items:
              $ref: '#/definitions/SharedToken'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/shared-tokens" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>"'
    post:
      operationId: createToken
      summary: Create a shared token
      description: >-
        Creates a new shared token.


        **Note:** This endpoint requires permissions that must be set by our Support team. Please email [help@logz.io](mailto:help@logz.io) for assistance.
      tags:
        - Manage shared tokens
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/CreateSharedTokenRequest'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/SharedToken'
        400:
          description: not found
          schema:
            type: object
            properties:
              message:
                type: string
                example: token with id 12345 not found for account 54321
                description: The shared token or query filter could not be found
        403:
          description: forbidden
          schema:
            type: object
            properties:
              message:
                type: string
                example: Insufficient privileges
                description: Insufficient privileges. Contact our Support Team for access to this API feature.
        503:
          description: service temporarily unavailable. please try again.
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/shared-tokens" -H  "accept: application/json" -H  "content-type: application/json" -H  "X-API-TOKEN: <token>" -d "{ \"tokenName\": \"Support shared token\", \"filters\":[339]}"'

  # ::::: SNAPSHOTS
  /snapshotter:
    post:
      tags:
        - Logz.io snapshots
      summary: Create a snapshot
      description: Creates a new Kibana shapshot and shares with recipients through email or notification endpoint
      operationId: createSnapshot
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/SnapshotCreateRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/snapshotter/snapshotter" -H "accept: application/json" -H "X-API-TOKEN: <token>" -H "Content-Type: application/json" -d "{ \"snapshotType\": \"VISUALIZATION\", \"snapshotSavedObjectId\": \"c3cf4ac9-81f7-60ef-1a9d-d32c1fa7c012\", \"emails\": [ \"shalom@logz.io\" ], \"message\": \"Hey, let me know if you need me to do anything about this.\", \"timeFrameFrom\": 1527951945, \"timeFrameTo\": 1528038346, \"snapshotTimeZone\": \"UTC\", \"darkTheme\": true}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/SnapshotCreateResponse'
  /snapshotter/{snapshotId}:
    get:
      tags:
        - Logz.io snapshots
      summary: Retrieve a snapshot by ID
      description: Returns a snapshot of a Kibana visualization or dashboard as a JSON object
      operationId: getSnapshot
      parameters:
        - name: snapshotId
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the snapshot
          example: 3094
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/snapshotter/3094" -H "accept: application/json" -H "X-API-TOKEN: <token>"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/SnapshotGetResponse'

  # ::::: USER MANAGEMENT
  /user-management:
    get:
      summary: Retrieve all users
      description: Returns a list of users as an array of JSON objects.
      tags:
        - Manage users
      operationId: listUsers
      responses:
        200:
          description: successful operation
          schema:
            type: array
            items:
              $ref: '#/definitions/User'
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/user-management" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
    post:
      summary: Create a user
      description: Creates a new user with specified permissions to access your log data
      tags:
        - Manage users
      operationId: createUser
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/UserManagementUpsertRequest'
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/user-management" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>" -d "{ \"username\": \"artvandelay@kramerica.com\",  \"fullName\": \"Art Vandelay\",  \"accountID\": 11111,  \"roles\": [ 2 ]}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/UserManagementUpsertResponse'
  /user-management/{id}:
    get:
      tags:
        - Manage users
      summary: Retrieve a user by ID
      description: Returns user information and permissions as a JSON object
      operationId: getUser
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the user
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/User'
      x-code-samples:
        - lang: cURL
          source: 'curl -X GET "https://api.logz.io/v1/user-management/55555" -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>"'
    put:
      tags:
        - Manage users
      summary: Update a user
      description: Changes an existing user's details or permissions.
      operationId: updateUser
      parameters:
        - in: body
          name: body
          required: false
          schema:
            $ref: '#/definitions/UserManagementUpsertRequest'
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the user
          example: 11300
      x-code-samples:
        - lang: cURL
          source: 'curl -X PUT "https://api.logz.io/v1/user-management/12345"  -H "accept: application/json" -H "content-type: application/json" -H "X-API-TOKEN: <token>" -d "{ \"username\": \"drvenkman@gbusters.com\",  \"fullName\": \"Peter Venkman\",  \"accountID\": 13485,  \"roles\": [ 2 ]}"'
      responses:
        200:
          description: successful operation
          schema:
            $ref: '#/definitions/UserManagementUpsertResponse'
    delete:
      tags:
        - Manage users
      summary: Delete a user
      description: Revokes a user's access to your accounts
      operationId: deleteUser
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the user
          example: 11300
      x-code-samples:
        - lang: cURL
          source: 'curl -X DELETE "https://api.logz.io/v1/user-management/11300" -H "accept: application/json" -H "X-API-TOKEN: <token>"'
      responses:
        204:
          description: successful operation
  /user-management/suspend/{id}:
    post:
      tags:
        - Manage users
      summary: Suspend a user
      description: Locks a user's access to your accounts
      operationId: suspendUser
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the user
          example: 3325
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/user-management/suspend/11300" -H "accept: application/json" -H "X-API-TOKEN: <token>"'
      responses:
        204:
          description: successful operation
  /user-management/unsuspend/{id}:
    post:
      tags:
        - Manage users
      summary: Unsuspend a user
      description: Restores a suspended user's access to your accounts
      operationId: unsuspendUser
      parameters:
        - name: id
          in: path
          required: true
          type: integer
          format: int32
          description: ID of the user
          example: 3325
      x-code-samples:
        - lang: cURL
          source: 'curl -X POST "https://api.logz.io/v1/user-management/unsuspend/11300" -H "accept: application/json" -H "X-API-TOKEN: <token>"'
      responses:
        204:
          description: successful operation



definitions:
  # ::::: ACCOUNTS DEFINITIONS
  AccountUtilizationSettings:
    type: object
    description: Settings for logging metrics on your account utilization,&nbsp;
such as used and expected data volume at current indexing rate.
    properties:
      frequencyMinutes:
        type: integer
        format: int32
        description: How often utilization metrics are written to logs, in minutes
        example: 5
      utilizationEnabled:
        type: boolean
        description: If utilization metrics are written to logs, `true`. Otherwise, `false`.
        example: true
  AccountView:
    type: object
    properties:
      accountId:
        type: integer
        format: int32
      accountName:
        type: string
      accountToken:
        type: string
      active:
        type: boolean
      esIndexPrefix:
        type: string
      maxDailyGB:
        type: number
        format: float
      retentionDays:
        type: integer
        format: int32
        description: Data retention time, in days
  DailyUsagesList:
    type: object
    properties:
      usage:
        type: array
        items:
          $ref: '#/definitions/LHDailyCount'
  DetailedTimeBasedAccount:
    type: object
    properties:
      subAccountRelation:
        $ref: '#/definitions/SubAccountRelation'
      account:
        $ref: '#/definitions/AccountView'
      sharingObjectsAccounts:
        type: array
        items:
          $ref: '#/definitions/AccountView'
      utilizationSettings:
        $ref: '#/definitions/AccountUtilizationSettings'
      dailyUsagesList:
        $ref: '#/definitions/DailyUsagesList'
      docSizeSetting:
        $ref: '#/definitions/DocSizeSetting'
  LHDailyCount:
    type: object
    properties:
      date:
        type: integer
        format: int64
      bytes:
        type: integer
        format: int64
  SharingAccount:
    type: object
    properties:
      accountId:
        type: integer
        format: int32
        description: ID of the account
        example: 88888
      accountName:
        type: string
        description: Name of the account
        example: dev group 8
  SubAccountRelation:
    type: object
    description: Properties of the sub accounts related to this main account
    properties:
      ownerAccountId:
        type: integer
        format: int32
        description: ID of the main account
        example: 88765
      subAccountId:
        type: integer
        format: int32
        description: ID of the sub account
        example: 89234
      searchable:
        $ref: "#/definitions/Searchable"
      accessible:
        $ref: "#/definitions/Accessible"
      createdDate:
        type: string
        format: date-time
        description: >-
          Date this account was created.
          Format: `{yyyy}-{mm}-{dd}T{hh}:{mm}:{ss}Z`
        example: 2018-02-22T09:14:53Z
      lastUpdatedDate:
        type: string
        format: date-time
        description: >-
          Date this account was last updated.
          Format: `{yyyy}-{mm}-{dd}T{hh}:{mm}:{ss}Z`
        example: 2018-04-01T19:18:38Z
      lastUpdaterUserId:
        type: integer
        format: int32
        description: ID of the user who last updated this account
        example: 33342
      type:
        type: string
        enum:
          - OWNER_ACCOUNT
          - SUB_ACCOUNT
          - TIMELESS_INDEX
          - ALL
        description: Account type
        example: SUB_ACCOUNT
  TimeBasedAccount:
    type: object
    properties:
      accountId:
        type: integer
        format: int32
        description: ID of the account
        example: 99999
      email:
        type: string
        description: Email address of the user who created the account
        example: them@mycompany.com
      accountName:
        type: string
        description: Name of the account
        example: 404 errors
      accountToken:
        type: string
        description: Account token (unique to this account)
        example: f483abe93b
      maxDailyGB:
        type: number
        format: float
        description: Maximum daily usage, in GB
        example: 100
      retentionDays:
        type: integer
        format: int32
        description: Data retention time, in days
        example: 5
      searchable:
        $ref: "#/definitions/Searchable"
      accessible:
        $ref: "#/definitions/Accessible"
      docSizeSetting:
        $ref: '#/definitions/DocSizeSetting'
      sharingObjectsAccounts:
        type: array
        items:
          $ref: '#/definitions/SharingAccount'
        description: Accounts that can access this account's data
      utilizationSettings:
        $ref: '#/definitions/AccountUtilizationSettings'
  TimeBasedAccountCreationResponse:
    type: object
    properties:
      accountId:
        type: integer
        format: int32
        description: ID of the account
        example: 99999
      accountToken:
        type: string
        description: Account token (unique to this account)
        example: x93afghvexbn841h45vkjn5
  TimeBasedAccountUpsertRequest:
    type: object
    required:
      - email
      - accountName
      - sharingObjectsAccounts
      - retentionDays
    properties:
      email:
        type: string
        pattern: "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*(\\.[A-Za-z]{2,})$"
        description: Account administrator's email address
        example: help@logz.io
      accountName:
        type: string
        description: Name of the account
        example: AWS Lambda svr 3
      maxDailyGB:
        type: number
        format: float
        description: Maximum daily usage, in GB
        example: 5
        default: 1
      retentionDays:
        type: integer
        format: int32
        description: Data retention time, in days
        minimum: 1
        example: 5
      searchable:
        $ref: "#/definitions/Searchable"
      accessible:
        $ref: "#/definitions/Accessible"
      sharingObjectsAccounts:
        type: array
        items:
          type: integer
          format: int32
          example: [ 88888, 55555 ]
        description: IDs of accounts that can access this account's data
      docSizeSetting:
        $ref: '#/definitions/DocSizeSetting'
      utilizationSettings:
        $ref: '#/definitions/AccountUtilizationSettings'
  Searchable:
    type: boolean
    description: If other accounts can search this account's logs, `true`. Otherwise, `false`.
    default: false
    example: true
  Accessible:
    type: boolean
    description: If users of the main account can access this account, `true`. Otherwise, `false`.
    default: false
    example: false
  DocSizeSetting:
    type: boolean
    description: If document size is attached to logs, `true`. Otherwise, `false`.
    default: false
    example: true
  
  # ::::: AUDIT TRAIL DEFINITIONS
  AuditTrailEventTypesResponse:
    type: object
    properties:
      eventTypes:
        type: array
        items:
          type: string
        description: Event types in the audit trail
        example: [ "Added user", "Admin created a sub account", "Changed password", "Failed login", "Login", "Logz.io admin has enabled a sawmill configuration", "Suspended user", "User created a token", "User installed an ELK app" ]
  AuditEventData:
    type: object
    properties:
      auditEventUser:
        $ref: '#/definitions/AuditEventUser'
      date:
        type: integer
        format: int64
        description: Date of the audit event, as a Unix epoch integer
        example: 1527168668
      auditEventTypeTitle:
        type: string
        description: The event type
        example: Admin created a sub account
      ip:
        type: string
        description: IP address of the client device that generated the event
        example: 52.203.237.249
      geoLocation:
        type: string
        description: Geographical location of the device that made the request
        example: New York - USA
      extraDataList:
        type: array
        items:
          $ref: '#/definitions/AuditEventExtraData'
      valid:
        type: boolean
  AuditEventExtraData:
    type: object
    properties:
      fieldName:
        type: string
        description: Name of the field
        example: Account name
      oldValue:
        type: string
        description: Original value of the field
        example: Test account
      newValue:
        type: string
        description: New value of the field
        example: Apache access logs
  AuditEventTypeData:
    type: object
    properties:
      auditEventType:
        type: string
        description: Code for the event type
        example: ADD_USER
      auditEventTypeTitle:
        type: string
        description: Description of the event type
        example: Added user
  AuditEventUser:
    type: object
    properties:
      id:
        type: integer
        format: int32
        description: ID of the user or token
        example: 5374
      fullName:
        type: string
        description: First and last name of the user, or name of the token
        example: Larry Appleton
      deleted:
        type: boolean
        description: If this user or token has been deleted, `true`. Otherwise, `false`.
        example: false
      userToken:
        type: boolean
        description: If this is a token, `true`. If this is a user, `false`.
  AuditTrailFilteredResponse:
    type: object
    properties:
      pageSize:
        type: integer
        format: int32
        minimum: 0
        maximum: 500
        description: The number of results requested
        example: 50
      from:
        type: integer
        format: int32
        minimum: 0
        maximum: 2147483647
        description: Of the results found, the first result returned
        example: 0
      total:
        type: integer
        format: int64
        minimum: 0
        maximum: 500
        description: Total number of results that met the search criteria
      results:
        type: array
        items:
          $ref: '#/definitions/AuditEventData'
      auditEventUsersList:
        type: array
        items:
          $ref: '#/definitions/AuditEventUser'
      auditEventTypesList:
        type: array
        items:
          $ref: '#/definitions/AuditEventTypeData'
  AuditTrailFilterRequest:
    type: object
    properties:
      size:
        type: integer
        format: int32
        minimum: 0
        maximum: 500
        default: 500
        description: Maximum number of results to return
        example: 150
      from:
        type: integer
        format: int32
        minimum: 0
        maximum: 2147483647
        default: 0
        description: Of the results found, the first result to return
        example: 15
      auditEventUser:
        $ref: '#/definitions/AuditEventUser'
      auditEventType:
        type: string
        description: Code for the event type
        example: ADD_USER
      fromDate:
        type: integer
        format: int64
        description: Starting timedate, as a Unix epoch integer
        example: 389880000
      toDate:
        type: integer
        format: int64
        description: Ending timedate, as a Unix epoch integer
        example: 414763200
      sortDescending:
        type: boolean
        description: To sort results in descending order, `true`. For ascending order, `false`.
      includeFiltersData:
        type: boolean

  # ::::: CLOUDTRAIL DEFINITIONS
  CloudTrailResponse:
    type: object
    properties:
      id:
        type: integer
        format: int32
        description: ID of the CloudTrail link
        example: 15
      accessKey:
        type: string
        description: AWS S3 access key
        example: ee07df5801500745419c6dff
      bucket:
        type: string
        description: AWS S3 bucket name
        example: cloudtrails bucket
      prefix:
        type: string
        description: AWS S3 key prefix
        example: AWSLogs/7364988021587/myprefix
      active:
        type: boolean
        description: If the CloudTrail link is active, `true`. If it is disabled, `false`.
        example: true
  IdBean:
    type: object
    properties:
      id:
        type: integer
        format: int32
        readOnly: true
        minimum: 1
        description: ??
  CloudTrailRequest:
    type: object
    properties:
      accessKey:
        type: string
        description: AWS S3 access key
        example: ee07df5801500745419c6dff
      secretKey:
        type: string
        description: AWS secret access key
        example: 506d891fe2163a511b450eddc3279539f6
      bucket:
        type: string
        description: AWS S3 bucket name
        example: LogzioBucket
      prefix:
        type: string
        description: AWS S3 key prefix
        example: AWSLogs/7364988021587/myprefix
      active:
        type: boolean
        description: If the CloudTrail link is active, `true`. If it is disabled, `false`.
  MessageBean:
    type: object
    properties:
      message:
        type: string
        readOnly: true

  # ::::: NOTIFICATION ENDPOINTS DEFINITIONS
  EndpointUpsertResponse:
    type: object
    properties:
      id:
        type: integer
        format: int32
        description: "ID of the notification endpoint. If the API call was made where `test=true`, then no changes are made to the endpoint. In this case, the response body contains `{\"id\": -1}` to indicate that a test message was sent."
        example: 88
  SlackEndpointUpsertRequest:
    type: object
    properties:
      title:
        type: string
        description: Name of the endpoint
        example: New Slack endpoint
      description:
        type: string
        description: Detailed description of the endpoint
        example: Sends notifications to logzio-alerts channel
      url:
        type: string
        description: Your Slack webhook URL
        example: https://hooks.slack.com/services/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
  CustomEndpointUpsertRequest:
    type: object
    properties:
      title:
        type: string
        description: Name of the endpoint
        example: New custom endpoint
      description:
        type: string
        description: Detailed description of the endpoint
        example: Sends notifications to my custom endpoint
      url:
        type: string
        description: URL where the notification will be sent
        example: https://my.custom-endpoint.com
      method:
        type: string
        description: The HTTP used to send the notification
        example: POST
      headers:
        type: string
        description: Header parameters to include, as comma-separated key-value pairs
        example: authKey=6e30-60a9-3591
      bodyTemplate:
        type: object
        description: JSON object that serves as the template for the message body.
        additionalProperties:
          type: object
        example: {"subject": "Alert from Logz.io", "message": {"severity": "LOW", "body": "Check Logz.io for log activity"}}
  PagerDutyEndpointUpsertRequest:
    type: object
    properties:
      title:
        type: string
        description: Name of the endpoint
        example: PagerDuty endpoint
      description:
        type: string
        description: Detailed description of the endpoint
        example: Sends notifications to PagerDuty
      serviceKey:
        type: string
        description: API key from PagerDuty
        example: 94ad63254a1397a51a1ae340c4f10890
  BigPandaEndpointUpsertRequest:
    type: object
    properties:
      title:
        type: string
        description: Name of the endpoint
        example: BigPanda endpoint
      description:
        type: string
        description: Detailed description of the endpoint
        example: Sends notifications to BigPanda
      apiToken:
        type: string
        description: API authentication token from BigPanda
        example: 94ad63254a1397a51a1ae340c4f10890
      appKey:
        type: string
        description: Application key from BigPanda
        example: c687f9231619d7d7b959f33e4cc821a5
  DatadogEndpointUpsertRequest:
    type: object
    properties:
      title:
        type: string
        description: Name of the endpoint
        example: Datadog endpoint
      description:
        type: string
        description: Detailed description of the endpoint
        example: Sends notifications to Datadog
      apiKey:
        type: string
        description: API key from Datadog
        example: c687f9231619d7d7b959f33e4cc821a5
  VictoropsEndpointUpsertRequest:
    type: object
    required:
      - messageType
      - routingKey
      - serviceApiKey
    properties:
      title:
        type: string
        description: Name of the endpoint
        example: VictorOps endpoint
      description:
        type: string
        description: Detailed description of the endpoint
        example: Sends notifications to VictorOps
      routingKey:
        type: string
        description: Alert routing key from VictorOps
        example: devops
      messageType:
        type: string
        description: VictorOps REST API `message_type`. For more information, see [VictorOps knowledge base](https://help.victorops.com/knowledge-base/victorops-restendpoint-integration/).
        example: WARNING
      serviceApiKey:
        type: string
        description: API key from VictorOps
        example: c687f9231619d7d7b959f33e4cc821a5
  Endpoint:
    type: object
    properties:
      endpointType:
        type: string
        enum:
          - BigPanda
          - Slack
          - Datadog
          - Custom
          - PagerDuty
          - VictorOps
        description: The notification endpoint type that will receive alert messages
        example: Slack
      id:
        type: integer
        format: int32
        description: ID of the notification endpoint
        example: 88
      title:
        type: string
        description: Name of the endpoint
        example: Slack
      description:
        type: string
        description: Detailed description of the endpoint
        example: Endpoint for sending alerts to Slack

  # ::::: KIBANA IMPORT/EXPORT DEFINITIONS
  KibanaExportResponse:
    type: object
    properties:
      kibanaVersion:
        type: string
        readOnly: true
        description: The version of Kibana used at the time of export
        example: 4.0.0-beta3
      hits:
        type: array
        readOnly: true
        items:
          type: object
        description: Exported Kibana objects
  KibanaExportRequest:
    type: object
    required:
      - type
    properties:
      type:
        type: string
        enum:
          - search
          - visualization
          - dashboard
        description: The object type to export
  KibanaImportResponse:
    type: object
    properties:
      created:
        type: array
        readOnly: true
        items:
          type: string
          example: E-commerce-App-Transactions-overtime
        description: Name of Kibana objects that were created
      updated:
        type: array
        readOnly: true
        items:
          type: string
          example: HTTP-Response-over-time
        description: Names of the Kibana objects that were overwritten. Objects are shown here only if `override` was `true` in the import call.
      ignored:
        type: array
        readOnly: true
        items:
          type: string
          example: Transaction-overtime
        description: Names of the Kibana objects that were not overwritten. Objects are shown here only if `override` was `false` in the import call.
      failed:
        type: array
        readOnly: true
        items:
          type: string
          example: Apache-Response-Over-Time
        description: Names of the Kibana objects that could not be created, updated, or ignored.
  KibanaImportRequest:
    type: object
    properties:
      kibanaVersion:
        type: string
        description: The version of Kibana used at the time of export. This must match the current version of Kibana that you're importing to.
        example: 4.0.0-beta3
      override:
        type: boolean
        description: >-
          To update an existing object with the same ID, `true`. Otherwise, `false`.


          If override is `true`, response message shows overwritten objects as `updated`. If override is `false`, no existing objects are updated, and response message shows these objects as `ignored`.
        example: false
      hits:
        type: array
        items:
          type: object
          additionalProperties:
            type: object
        description: >-
          Each JSON object in the array represents a discrete Kibana object.


          **Note:** As a best practice, import only objects that were exported from Kibana.

  # ::::: SEARCH, SCROLL DEFINITIONS
  ScrollResponse:
    type: object
    properties:
      code:
        type: integer
        format: int32
        readOnly: true
        example: 200
      scrollId:
        type: string
        readOnly: true
        description: ID of this response. Use this in `scroll_id` in the next scroll request to retrieve the next set of scroll results.
        example: DnF1ZXJ5VGhlbkZldGNoCQAAAAAWXRbqFlNpSWRrTUtXUUR1N1pJbG9uSkJINncAAAAAFp6B-xZTTVFrMGt4eVFnZXhQZV9YbVRrU3NnAAAAABakA8QWNjY1RUZtdWZRS1NZZWt1ZERTNHNaQQAAAAAWXRbrFlNpSWRrTUtXUUR1N1pJbG9uSkJINncAAAAAFl0W7BZTaUlka01LV1FEdTdaSWxvbkpCSDZ3AAAAABQ1nb4WVjRyRlUxZWRUU0dzbTV5VVVqYkhxdwAAAAAUdHVqFlF0b3Znei1ZUXgtZEkyZkR3M0pMbGcAAAAAFvGs6hZKVklxaXIyZ1NOQzF5NHg1cmhtVDV3AAAAABR0dWkWUXRvdmd6LVlReC1kSTJmRHczSkxsZw==
      hits:
        type: string
        readOnly: true
        description: Query results
  ScrollRequest:
    type: object
    properties:
      query:
        type: object
        description: >-
          Search query. Uses Elasticsearch [Search API DSL](https://www.elastic.co/guide/en/elasticsearch/reference/5.x/search.html) query language.


          In Your first request of a scroll series, `query` is used to establish the search query. In all subsequent requests of the series, you'll use `scroll_id`.

          #### Limitations

          * Your query will run only on data sent today and yesterday. You can still specify a filter on `timestamp` to search a smaller time frame.

          * When using `query_string`, `allow_leading_wildcard` must be set to `false`

          * `wildcard` cannot start with `*` or `?`

          * Cannot use `fuzzy_max_expansions`,  `max_expansions`, or `max_determinized_states`
      size:
        type: integer
        format: int32
        description: Number of results to return
        example: 10
      from:
        type: integer
        format: int32
        minimum: 0
        description: Of the results found, the first result to return
        example: 0
      sort:
        type: array
        items:
          type: object
        description: >-
          #### Limitations

          * Cannot sort on `message`
      _source:
        type: array
        description: >-
          * _Option 1:_ A single item to say whether you want to return the `_source` field.

          * _Option 2:_ An array of fields to return.
        items:
          - type: boolean
            description: To return the `_source` field, `true`. Otherwise, `false`.
            example: true
          - type: string
            description: Fields to return
      post_filter:
        type: object
      scroll_id:
        type: string
        description: >-
          This is `scrollId` that was returned in the previous scroll request. 
          
          
          If you use `scroll_id`, Elasticsearch searches the same query and data as was used in the initial request of the scroll series. In other words, in a single scroll series, use `query` in the first request, and use `scroll_id` in all subsequent requests.
      scroll:
        type: string
        description: >-
          These time units are supported:

          <table>
            <thead><th>Unit</th><th>Description</th></thead>
            <tr><td>`m`</td><td>minutes</td></tr>
            <tr><td>`s`</td><td>seconds</td></tr>
            <tr><td>`ms`</td><td>milliseconds</td></tr>
            <tr><td>`micros`</td><td>microseconds</td></tr>
            <tr><td>`nanos`</td><td>nanoseconds</td></tr>
          </table>


          #### Limitations

          * Time search must be ≤ 5 minutes. If no time is specified, default is `1m` (1 minute).

  # ::::: SHARED TOKENS DEFINITIONS
  QueryFilter:
    type: object
    required:
      - field
      - value
    properties:
      id:
        type: integer
        format: int32
        description: ID of the token filter
        example: 339
      field:
        type: string
        pattern: '^[a-zA-Z0-9_@.-]+$'
        description: The field to filter
      value:
        type: string
        pattern: '^[a-zA-Z0-9_@.-]+$'
        description: The filter query
      description:
        type: string
        description: Name of the filter
        example: 503 responses
  SharedToken:
    type: object
    properties:
      id:
        type: integer
        format: int32
        description: ID of the shared token
        example: 1241
      name:
        type: string
        description: Descriptive name of the token
        example: Snapshotting token
      token:
        type: string
        description: The token
        example: 6c36edf51-cf93883aa35-5bc6ce6-7bcfe60d87
      filters:
        type: array
        uniqueItems: true
        items:
          type: integer
          format: int32
        description: Array of filter IDs attached to each token. If no filter is attached, `null`.
        example: [339, 340]
  CreateSharedTokenRequest:
    type: object
    properties:
      tokenName:
        type: string
        default: string
        description: Name of the token
        example: Support team token
      filters:
        type: array
        uniqueItems: true
        items:
          type: integer
          format: int32
        description: IDs of filters to attach to the token
        example: [ 339 ]
  UpdateSharedTokenRequest:
    type: object
    required:
      - filters
    properties:
      filters:
        type: array
        uniqueItems: true
        items:
          type: integer
          format: int32
          description: ID of the filter
          example: 339
        description: IDs of filters to attach to the token. To remove all filters, use an empty array `[]`.

  # ::::: SNAPSHOTS DEFINITIONS
  SnapshotCreateResponse:
    type: object
    properties:
      snapshotId:
        type: integer
        format: int32
        description: ID of the snapshot
        example: 2049
  SnapshotCreateRequest:
    type: object
    required:
      - snapshotTimeZone
      - snapshotType
      - timeFrameFrom
      - timeFrameTo
    properties:
      snapshotType:
        type: string
        enum:
          - DASHBOARD
          - VISUALIZATION
        description: The object type to share
      snapshotSavedObjectId:
        type: string
        description: ID of the object to share. If you don't know the object ID, you can use the [/kibana/export](#operation/exportSavedObjects) endpoint.
        example: 11f6a669-4f21-6313-dd83-319dbfc8ff96
      slackWebhookUrls:
        type: array
        items:
          type: string
        description: URLs of Slack webhooks that you want to send this snapshot to
        example: https://hooks.slack.com/services/CC29C43F8/7E6E833FB/Ebe297580E7FaC354F9D4d7
      endpoints:
        type: array
        items:
          type: integer
          format: int32
        description: IDs of notification endpoints that you want to send this snapshot to
      emails:
        type: array
        items:
          type: string
        description: Email addresses that you want to send this snapshot to
      message:
        type: string
        description: Message to send to the shared object recipients
        example: Take a look at these Apache logs, let me know if you want me to do anything about it
      timeFrameFrom:
        type: integer
        format: int64
        description: Starting timedate of the visualization, as a Unix epoch integer.
        example: 389836800
      timeFrameTo:
        type: integer
        format: int64
        description: Ending timedate of the visualization, as a Unix epoch integer.
        example: 414720000
      snapshotTimeZone:
        type: string
        description: Time zone to use in `timeFrameFrom` and `timeFrameTo`
        example: UTC
      queryString:
        type: string
        description: Search query
        example: "type:example"
      darkTheme:
        type: boolean
        description: To send the object with Kibana dark theme colors, `true`. Otherwise, `false`.
  SnapshotGetResponse:
    type: object
    properties:
      snapshotId:
        type: integer
        format: int32
        description: ID of the snapshot
        example: 3094
      accountId:
        type: integer
        format: int32
        description: ID of the account
        example: 5555
      snapshotType:
        type: string
        enum:
          - DASHBOARD
          - VISUALIZATION
        description: The object type
        example: VISUALIZATION
      status:
        type: string
        enum:
          - SUCCESS
          - FAILED
          - IN_PROGRESS
        description: Status of the snapshot capture operation
        example: SUCCESS
      snapshotSavedObjectName:
        type: string
        description: Name of the object captured in the snapshot
        example: Mysql response times percentiles
      imageUrl:
        type: string
        description: Web address where the snapshot image is stored
        example: https://snapshotter-logzio-prod.s3.amazonaws.com/1234/567890/snapshots/8843_3094_dC6pBjbrWc1lfN7Gob82oJuSUxTGbm8D6hDE1TcR1pVzIVO0TsB3tuZEZs1YpOGh.png
      appLinkUrl:
        type: string
        description: A link to the snapshot in the Logz.io app
        example: https://app.logz.io/#/dashboard/kibana?kibanaRoute=%2Fvisualize%2Fedit%a4d365e001-5bc9-4851-1933-a70b45a67e9d%3F_g%3D%2528time%253A%2528from%253A%25272018-06-02T15
      message:
        type: string
        description: Message to send to snapshot recipients
        example: Hey, let me know if you need me to do anything about this.
      timeFrameFrom:
        type: integer
        format: int64
        description: Starting timedate of the visualization, as a Unix epoch integer.
        example: 389836800
      timeFrameTo:
        type: integer
        format: int64
        description: Ending timedate of the visualization, as a Unix epoch integer.
        example: 414720000
      snapshotTimeZone:
        type: string
        description: Time zone to use in `timeFrameFrom` and `timeFrameTo`
        example: UTC
  SnapshotNotification:
    type: object
    properties:
      id:
        type: integer
        format: int32
      type:
        type: string
        enum:
          - EMAIL
          - SLACK
      address:
        type: string
      status:
        type: string
        enum:
          - PENDING
          - IN_WORK
          - NEED_RETRY
          - FAILED
          - SUCCESS
  SnapshotRequest:
    type: object
    properties:
      id:
        type: integer
        format: int32
      snapshotType:
        type: string
        enum:
          - DASHBOARD
          - VISUALIZATION
          - SAVED_SEARCH
      snapshotSavedObjectName:
        type: string
      snapshotUrl:
        type: string
      appLinkUrl:
        type: string
      recipients:
        type: array
        items:
          $ref: '#/definitions/SnapshotNotification'
      message:
        type: string
      timeFrameFrom:
        type: integer
        format: int64
      timeFrameTo:
        type: integer
        format: int64
      snapshotTimeZone:
        type: string

  # ::::: USER MANAGEMENT DEFINITIONS
  User:
    type: object
    properties:
      id:
        type: integer
        format: int32
        description: ID of the user
        example: 33265
      username:
        type: string
        description: Email address used to sign in to Logz.io
        example: steve@winslows.com
      fullName:
        type: string
        description: First and last name of the user
        example: Stefan Urkel
      accountID:
        type: integer
        format: int32
        description: ID of the account attached to the user
        example: 55555
      roles:
        type: array
        items:
          type: integer
          format: int32
        description: For admin access, `2`. For user access, `3`.
        example: [3]
      active:
        type: boolean
        description: If the user is active, `true`. If the user is suspended, `false`.
        example: true
  UserManagementUpsertResponse:
    type: object
    properties:
      id:
        type: integer
        format: int32
        description: ID of the user
        example: 13485
  UserManagementUpsertRequest:
    type: object
    required:
      - fullName
      - username
      - roles
    properties:
      username:
        type: string
        pattern: >-
          ^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,})$
        description: Email address used to sign in to Logz.io
        example: drvenkman@gbusters.com
      fullName:
        type: string
        description: The user's first and last name
        example: Peter Venkman
      accountID:
        type: integer
        format: int32
        description: ID of the account attached to the user
      roles:
        type: array
        items:
          type: integer
          format: int32
        description: For admin access, `2`. For user access, `3`.
        example: [2]