--- title: Aggregate events description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Logs --- # Aggregate events{% #aggregate-events %} {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------ | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/logs/analytics/aggregate | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/logs/analytics/aggregate | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/logs/analytics/aggregate | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/logs/analytics/aggregate | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/logs/analytics/aggregate | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/logs/analytics/aggregate | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/logs/analytics/aggregate | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/logs/analytics/aggregate | ### Overview The API endpoint to aggregate events into buckets and compute metrics and timeseries. This endpoint requires the `logs_read_data` permission. ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ----------------------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | compute | [object] | The list of metrics or timeseries to compute for the retrieved buckets. | | compute | aggregation [*required*] | enum | An aggregation function Allowed enum values: `count,cardinality,pc75,pc90,pc95,pc98,pc99,sum,min,max` | | compute | interval | string | The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points | | compute | metric | string | The metric to use | | compute | type | enum | The type of compute Allowed enum values: `timeseries,total` | | | filter | object | The search and filter query settings | | filter | from | string | The minimum time for the requested logs, supports date math and regular timestamps (milliseconds). | | filter | indexes | [string] | For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes. | | filter | query | string | The search query - following the log search syntax. | | filter | storage_tier | enum | Specifies storage type as indexes, online-archives or flex Allowed enum values: `indexes,online-archives,flex` | | filter | to | string | The maximum time for the requested logs, supports date math and regular timestamps (milliseconds). | | | group_by | [object] | The rules for the group by | | group_by | facet [*required*] | string | The name of the facet to use (required) | | group_by | histogram | object | Used to perform a histogram computation (only for measure facets). Note: at most 100 buckets are allowed, the number of buckets is (max - min)/interval. | | histogram | interval [*required*] | double | The bin size of the histogram buckets | | histogram | max [*required*] | double | The maximum value for the measure used in the histogram (values greater than this one are filtered out) | | histogram | min [*required*] | double | The minimum value for the measure used in the histogram (values smaller than this one are filtered out) | | group_by | limit | int64 | The maximum buckets to return for this group by. Note: at most 10000 buckets are allowed. If grouping by multiple facets, the product of limits must not exceed 10000. | | group_by | missing | | The value to use for logs that don't have the facet used to group by | | missing | Option 1 | string | The missing value to use if there is string valued facet. | | missing | Option 2 | double | The missing value to use if there is a number valued facet. | | group_by | sort | object | A sort rule | | sort | aggregation | enum | An aggregation function Allowed enum values: `count,cardinality,pc75,pc90,pc95,pc98,pc99,sum,min,max` | | sort | metric | string | The metric to sort by (only used for `type=measure`) | | sort | order | enum | The order to use, ascending or descending Allowed enum values: `asc,desc` | | sort | type | enum | The type of sorting algorithm Allowed enum values: `alphabetical,measure` | | group_by | total | | A resulting object to put the given computes in over all the matching records. | | total | Option 1 | boolean | If set to true, creates an additional bucket labeled "$facet_total" | | total | Option 2 | string | A string to use as the key value for the total bucket | | total | Option 3 | double | A number to use as the key value for the total bucket | | | options | object | **DEPRECATED**: Global query options that are used during the query. Note: These fields are currently deprecated and do not affect the query results. | | options | timeOffset | int64 | The time offset (in seconds) to apply to the query. | | options | timezone | string | The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). | | | page | object | Paging settings | | page | cursor | string | The returned paging point to use to get the next results. Note: at most 1000 results can be paged. | {% /tab %} {% tab title="Example" %} ##### ```json { "compute": [ { "aggregation": "count", "interval": "5m", "type": "timeseries" } ], "filter": { "from": "now-15m", "indexes": [ "main" ], "query": "*", "to": "now" } } ``` ##### ```json { "compute": [ { "aggregation": "count", "interval": "5m", "type": "timeseries" } ], "filter": { "from": "now-15m", "indexes": [ "main" ], "query": "*", "to": "now" }, "group_by": [ { "facet": "host", "missing": "miss", "sort": { "type": "measure", "order": "asc", "aggregation": "pc90", "metric": "@duration" } } ] } ``` ##### ```json { "filter": { "from": "now-15m", "indexes": [ "main" ], "query": "*", "to": "now" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} The response object for the logs aggregate API endpoint | Parent field | Field | Type | Description | | -------------------- | ---------- | ------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | | | data | object | The query results | | data | buckets | [object] | The list of matching buckets, one item per bucket | | buckets | by | object | The key, value pairs for each group by | | additionalProperties | | | The values for each group by | | buckets | computes | object | A map of the metric name -> value for regular compute or list of values for a timeseries | | additionalProperties | | | A bucket value, can be either a timeseries or a single value | | | Option 1 | string | A single string value | | | Option 2 | double | A single number value | | | Option 3 | [object] | A timeseries array | | Option 3 | time | string | The time value for this point | | Option 3 | value | double | The value for this point | | | meta | object | The metadata associated with a request | | meta | elapsed | int64 | The time elapsed in milliseconds | | meta | page | object | Paging attributes. | | page | after | string | The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`. | | meta | request_id | string | The identifier of the request | | meta | status | enum | The status of the response Allowed enum values: `done,timeout` | | meta | warnings | [object] | A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response. | | warnings | code | string | A unique code for this type of warning | | warnings | detail | string | A detailed explanation of this specific warning | | warnings | title | string | A short human-readable summary of the warning | {% /tab %} {% tab title="Example" %} ```json { "data": { "buckets": [ { "by": { "": "undefined" }, "computes": { "": { "description": "undefined", "type": "undefined" } } } ] }, "meta": { "elapsed": 132, "page": { "after": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" }, "request_id": "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR", "status": "done", "warnings": [ { "code": "unknown_index", "detail": "indexes: foo, bar", "title": "One or several indexes are missing or invalid, results hold data from the other indexes" } ] } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/logs/analytics/aggregate" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "compute": [ { "aggregation": "pc90", "interval": "5m", "metric": "@duration", "type": "timeseries" } ], "filter": { "from": "now-15m", "indexes": [ "main", "web" ], "query": "service:web* AND @http.status_code:[200 TO 299]", "storage_tier": "indexes", "to": "now" }, "group_by": [ { "facet": "host", "histogram": { "interval": 10, "max": 100, "min": 50 }, "sort": { "aggregation": "count", "order": "asc" } } ], "options": { "timezone": "GMT" }, "page": { "cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" } } EOF ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/logs/analytics/aggregate" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "compute": [ { "aggregation": "pc90", "interval": "5m", "metric": "@duration", "type": "timeseries" } ], "filter": { "from": "now-15m", "indexes": [ "main", "web" ], "query": "service:web* AND @http.status_code:[200 TO 299]", "storage_tier": "indexes", "to": "now" }, "group_by": [ { "facet": "host", "histogram": { "interval": 10, "max": 100, "min": 50 }, "sort": { "aggregation": "count", "order": "asc" } } ], "options": { "timezone": "GMT" }, "page": { "cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" } } EOF ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/logs/analytics/aggregate" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "compute": [ { "aggregation": "pc90", "interval": "5m", "metric": "@duration", "type": "timeseries" } ], "filter": { "from": "now-15m", "indexes": [ "main", "web" ], "query": "service:web* AND @http.status_code:[200 TO 299]", "storage_tier": "indexes", "to": "now" }, "group_by": [ { "facet": "host", "histogram": { "interval": 10, "max": 100, "min": 50 }, "sort": { "aggregation": "count", "order": "asc" } } ], "options": { "timezone": "GMT" }, "page": { "cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" } } EOF ##### ```go // Aggregate compute events returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.LogsAggregateRequest{ Compute: []datadogV2.LogsCompute{ { Aggregation: datadogV2.LOGSAGGREGATIONFUNCTION_COUNT, Interval: datadog.PtrString("5m"), Type: datadogV2.LOGSCOMPUTETYPE_TIMESERIES.Ptr(), }, }, Filter: &datadogV2.LogsQueryFilter{ From: datadog.PtrString("now-15m"), Indexes: []string{ "main", }, Query: datadog.PtrString("*"), To: datadog.PtrString("now"), }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewLogsApi(apiClient) resp, r, err := api.AggregateLogs(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `LogsApi.AggregateLogs`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `LogsApi.AggregateLogs`:\n%s\n", responseContent) } ``` ##### ```go // Aggregate compute events with group by returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.LogsAggregateRequest{ Compute: []datadogV2.LogsCompute{ { Aggregation: datadogV2.LOGSAGGREGATIONFUNCTION_COUNT, Interval: datadog.PtrString("5m"), Type: datadogV2.LOGSCOMPUTETYPE_TIMESERIES.Ptr(), }, }, Filter: &datadogV2.LogsQueryFilter{ From: datadog.PtrString("now-15m"), Indexes: []string{ "main", }, Query: datadog.PtrString("*"), To: datadog.PtrString("now"), }, GroupBy: []datadogV2.LogsGroupBy{ { Facet: "host", Missing: &datadogV2.LogsGroupByMissing{ LogsGroupByMissingString: datadog.PtrString("miss")}, Sort: &datadogV2.LogsAggregateSort{ Type: datadogV2.LOGSAGGREGATESORTTYPE_MEASURE.Ptr(), Order: datadogV2.LOGSSORTORDER_ASCENDING.Ptr(), Aggregation: datadogV2.LOGSAGGREGATIONFUNCTION_PERCENTILE_90.Ptr(), Metric: datadog.PtrString("@duration"), }, }, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewLogsApi(apiClient) resp, r, err := api.AggregateLogs(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `LogsApi.AggregateLogs`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `LogsApi.AggregateLogs`:\n%s\n", responseContent) } ``` ##### ```go // Aggregate events returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.LogsAggregateRequest{ Filter: &datadogV2.LogsQueryFilter{ From: datadog.PtrString("now-15m"), Indexes: []string{ "main", }, Query: datadog.PtrString("*"), To: datadog.PtrString("now"), }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewLogsApi(apiClient) resp, r, err := api.AggregateLogs(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `LogsApi.AggregateLogs`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `LogsApi.AggregateLogs`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Aggregate compute events returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.LogsApi; import com.datadog.api.client.v2.model.LogsAggregateRequest; import com.datadog.api.client.v2.model.LogsAggregateResponse; import com.datadog.api.client.v2.model.LogsAggregationFunction; import com.datadog.api.client.v2.model.LogsCompute; import com.datadog.api.client.v2.model.LogsComputeType; import com.datadog.api.client.v2.model.LogsQueryFilter; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); LogsApi apiInstance = new LogsApi(defaultClient); LogsAggregateRequest body = new LogsAggregateRequest() .compute( Collections.singletonList( new LogsCompute() .aggregation(LogsAggregationFunction.COUNT) .interval("5m") .type(LogsComputeType.TIMESERIES))) .filter( new LogsQueryFilter() .from("now-15m") .indexes(Collections.singletonList("main")) .query("*") .to("now")); try { LogsAggregateResponse result = apiInstance.aggregateLogs(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling LogsApi#aggregateLogs"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` ##### ```java // Aggregate compute events with group by returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.LogsApi; import com.datadog.api.client.v2.model.LogsAggregateRequest; import com.datadog.api.client.v2.model.LogsAggregateResponse; import com.datadog.api.client.v2.model.LogsAggregateSort; import com.datadog.api.client.v2.model.LogsAggregateSortType; import com.datadog.api.client.v2.model.LogsAggregationFunction; import com.datadog.api.client.v2.model.LogsCompute; import com.datadog.api.client.v2.model.LogsComputeType; import com.datadog.api.client.v2.model.LogsGroupBy; import com.datadog.api.client.v2.model.LogsGroupByMissing; import com.datadog.api.client.v2.model.LogsQueryFilter; import com.datadog.api.client.v2.model.LogsSortOrder; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); LogsApi apiInstance = new LogsApi(defaultClient); LogsAggregateRequest body = new LogsAggregateRequest() .compute( Collections.singletonList( new LogsCompute() .aggregation(LogsAggregationFunction.COUNT) .interval("5m") .type(LogsComputeType.TIMESERIES))) .filter( new LogsQueryFilter() .from("now-15m") .indexes(Collections.singletonList("main")) .query("*") .to("now")) .groupBy( Collections.singletonList( new LogsGroupBy() .facet("host") .missing(new LogsGroupByMissing("miss")) .sort( new LogsAggregateSort() .type(LogsAggregateSortType.MEASURE) .order(LogsSortOrder.ASCENDING) .aggregation(LogsAggregationFunction.PERCENTILE_90) .metric("@duration")))); try { LogsAggregateResponse result = apiInstance.aggregateLogs(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling LogsApi#aggregateLogs"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` ##### ```java // Aggregate events returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.LogsApi; import com.datadog.api.client.v2.model.LogsAggregateRequest; import com.datadog.api.client.v2.model.LogsAggregateResponse; import com.datadog.api.client.v2.model.LogsQueryFilter; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); LogsApi apiInstance = new LogsApi(defaultClient); LogsAggregateRequest body = new LogsAggregateRequest() .filter( new LogsQueryFilter() .from("now-15m") .indexes(Collections.singletonList("main")) .query("*") .to("now")); try { LogsAggregateResponse result = apiInstance.aggregateLogs(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling LogsApi#aggregateLogs"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Aggregate compute events returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.logs_api import LogsApi from datadog_api_client.v2.model.logs_aggregate_request import LogsAggregateRequest from datadog_api_client.v2.model.logs_aggregation_function import LogsAggregationFunction from datadog_api_client.v2.model.logs_compute import LogsCompute from datadog_api_client.v2.model.logs_compute_type import LogsComputeType from datadog_api_client.v2.model.logs_query_filter import LogsQueryFilter body = LogsAggregateRequest( compute=[ LogsCompute( aggregation=LogsAggregationFunction.COUNT, interval="5m", type=LogsComputeType.TIMESERIES, ), ], filter=LogsQueryFilter( _from="now-15m", indexes=[ "main", ], query="*", to="now", ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = LogsApi(api_client) response = api_instance.aggregate_logs(body=body) print(response) ``` ##### ```python """ Aggregate compute events with group by returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.logs_api import LogsApi from datadog_api_client.v2.model.logs_aggregate_request import LogsAggregateRequest from datadog_api_client.v2.model.logs_aggregate_sort import LogsAggregateSort from datadog_api_client.v2.model.logs_aggregate_sort_type import LogsAggregateSortType from datadog_api_client.v2.model.logs_aggregation_function import LogsAggregationFunction from datadog_api_client.v2.model.logs_compute import LogsCompute from datadog_api_client.v2.model.logs_compute_type import LogsComputeType from datadog_api_client.v2.model.logs_group_by import LogsGroupBy from datadog_api_client.v2.model.logs_query_filter import LogsQueryFilter from datadog_api_client.v2.model.logs_sort_order import LogsSortOrder body = LogsAggregateRequest( compute=[ LogsCompute( aggregation=LogsAggregationFunction.COUNT, interval="5m", type=LogsComputeType.TIMESERIES, ), ], filter=LogsQueryFilter( _from="now-15m", indexes=[ "main", ], query="*", to="now", ), group_by=[ LogsGroupBy( facet="host", missing="miss", sort=LogsAggregateSort( type=LogsAggregateSortType.MEASURE, order=LogsSortOrder.ASCENDING, aggregation=LogsAggregationFunction.PERCENTILE_90, metric="@duration", ), ), ], ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = LogsApi(api_client) response = api_instance.aggregate_logs(body=body) print(response) ``` ##### ```python """ Aggregate events returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.logs_api import LogsApi from datadog_api_client.v2.model.logs_aggregate_request import LogsAggregateRequest from datadog_api_client.v2.model.logs_query_filter import LogsQueryFilter body = LogsAggregateRequest( filter=LogsQueryFilter( _from="now-15m", indexes=[ "main", ], query="*", to="now", ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = LogsApi(api_client) response = api_instance.aggregate_logs(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Aggregate compute events returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::LogsAPI.new body = DatadogAPIClient::V2::LogsAggregateRequest.new({ compute: [ DatadogAPIClient::V2::LogsCompute.new({ aggregation: DatadogAPIClient::V2::LogsAggregationFunction::COUNT, interval: "5m", type: DatadogAPIClient::V2::LogsComputeType::TIMESERIES, }), ], filter: DatadogAPIClient::V2::LogsQueryFilter.new({ from: "now-15m", indexes: [ "main", ], query: "*", to: "now", }), }) p api_instance.aggregate_logs(body) ``` ##### ```ruby # Aggregate compute events with group by returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::LogsAPI.new body = DatadogAPIClient::V2::LogsAggregateRequest.new({ compute: [ DatadogAPIClient::V2::LogsCompute.new({ aggregation: DatadogAPIClient::V2::LogsAggregationFunction::COUNT, interval: "5m", type: DatadogAPIClient::V2::LogsComputeType::TIMESERIES, }), ], filter: DatadogAPIClient::V2::LogsQueryFilter.new({ from: "now-15m", indexes: [ "main", ], query: "*", to: "now", }), group_by: [ DatadogAPIClient::V2::LogsGroupBy.new({ facet: "host", missing: "miss", sort: DatadogAPIClient::V2::LogsAggregateSort.new({ type: DatadogAPIClient::V2::LogsAggregateSortType::MEASURE, order: DatadogAPIClient::V2::LogsSortOrder::ASCENDING, aggregation: DatadogAPIClient::V2::LogsAggregationFunction::PERCENTILE_90, metric: "@duration", }), }), ], }) p api_instance.aggregate_logs(body) ``` ##### ```ruby # Aggregate events returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::LogsAPI.new body = DatadogAPIClient::V2::LogsAggregateRequest.new({ filter: DatadogAPIClient::V2::LogsQueryFilter.new({ from: "now-15m", indexes: [ "main", ], query: "*", to: "now", }), }) p api_instance.aggregate_logs(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Aggregate compute events returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_logs::LogsAPI; use datadog_api_client::datadogV2::model::LogsAggregateRequest; use datadog_api_client::datadogV2::model::LogsAggregationFunction; use datadog_api_client::datadogV2::model::LogsCompute; use datadog_api_client::datadogV2::model::LogsComputeType; use datadog_api_client::datadogV2::model::LogsQueryFilter; #[tokio::main] async fn main() { let body = LogsAggregateRequest::new() .compute(vec![LogsCompute::new(LogsAggregationFunction::COUNT) .interval("5m".to_string()) .type_(LogsComputeType::TIMESERIES)]) .filter( LogsQueryFilter::new() .from("now-15m".to_string()) .indexes(vec!["main".to_string()]) .query("*".to_string()) .to("now".to_string()), ); let configuration = datadog::Configuration::new(); let api = LogsAPI::with_config(configuration); let resp = api.aggregate_logs(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` ##### ```rust // Aggregate compute events with group by returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_logs::LogsAPI; use datadog_api_client::datadogV2::model::LogsAggregateRequest; use datadog_api_client::datadogV2::model::LogsAggregateSort; use datadog_api_client::datadogV2::model::LogsAggregateSortType; use datadog_api_client::datadogV2::model::LogsAggregationFunction; use datadog_api_client::datadogV2::model::LogsCompute; use datadog_api_client::datadogV2::model::LogsComputeType; use datadog_api_client::datadogV2::model::LogsGroupBy; use datadog_api_client::datadogV2::model::LogsGroupByMissing; use datadog_api_client::datadogV2::model::LogsQueryFilter; use datadog_api_client::datadogV2::model::LogsSortOrder; #[tokio::main] async fn main() { let body = LogsAggregateRequest::new() .compute(vec![LogsCompute::new(LogsAggregationFunction::COUNT) .interval("5m".to_string()) .type_(LogsComputeType::TIMESERIES)]) .filter( LogsQueryFilter::new() .from("now-15m".to_string()) .indexes(vec!["main".to_string()]) .query("*".to_string()) .to("now".to_string()), ) .group_by(vec![LogsGroupBy::new("host".to_string()) .missing(LogsGroupByMissing::LogsGroupByMissingString( "miss".to_string(), )) .sort( LogsAggregateSort::new() .aggregation(LogsAggregationFunction::PERCENTILE_90) .metric("@duration".to_string()) .order(LogsSortOrder::ASCENDING) .type_(LogsAggregateSortType::MEASURE), )]); let configuration = datadog::Configuration::new(); let api = LogsAPI::with_config(configuration); let resp = api.aggregate_logs(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` ##### ```rust // Aggregate events returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_logs::LogsAPI; use datadog_api_client::datadogV2::model::LogsAggregateRequest; use datadog_api_client::datadogV2::model::LogsQueryFilter; #[tokio::main] async fn main() { let body = LogsAggregateRequest::new().filter( LogsQueryFilter::new() .from("now-15m".to_string()) .indexes(vec!["main".to_string()]) .query("*".to_string()) .to("now".to_string()), ); let configuration = datadog::Configuration::new(); let api = LogsAPI::with_config(configuration); let resp = api.aggregate_logs(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Aggregate compute events returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.LogsApi(configuration); const params: v2.LogsApiAggregateLogsRequest = { body: { compute: [ { aggregation: "count", interval: "5m", type: "timeseries", }, ], filter: { from: "now-15m", indexes: ["main"], query: "*", to: "now", }, }, }; apiInstance .aggregateLogs(params) .then((data: v2.LogsAggregateResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` ##### ```typescript /** * Aggregate compute events with group by returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.LogsApi(configuration); const params: v2.LogsApiAggregateLogsRequest = { body: { compute: [ { aggregation: "count", interval: "5m", type: "timeseries", }, ], filter: { from: "now-15m", indexes: ["main"], query: "*", to: "now", }, groupBy: [ { facet: "host", missing: "miss", sort: { type: "measure", order: "asc", aggregation: "pc90", metric: "@duration", }, }, ], }, }; apiInstance .aggregateLogs(params) .then((data: v2.LogsAggregateResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` ##### ```typescript /** * Aggregate events returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.LogsApi(configuration); const params: v2.LogsApiAggregateLogsRequest = { body: { filter: { from: "now-15m", indexes: ["main"], query: "*", to: "now", }, }, }; apiInstance .aggregateLogs(params) .then((data: v2.LogsAggregateResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}