Skip to main content

Troubleshooting Sumo Logic APIs

Thumbnail icon

This guide provides information to help you troubleshoot errors you may find when using the Sumo Logic APIs.

Deployments and Sumo Logic Endpoints

Which API endpoint should I use?

To determine which Sumo Logic API endpoint you should use, find the deployment pod referenced in your browser's Sumo Logic service URL.

If you see https://service.us2.sumologic.com, for example, that means you're running on the US2 pod and need to use the API endpoint https://api.us2.sumologic.com/api/. For the service URL https://service.eu.sumologic.com, you'd need to use the API endpoint https://api.eu.sumologic.com/api/, and so on. The only exception is the US1 pod (https://service.sumologic.com), which uses the API endpoint https://api.sumologic.com/api/.

To view all available endpoints, see Sumo Logic Endpoints.

API - 301 Error - Moved

Question

My initial request to the Sumo Logic APIs returns the following 301 error message. Why is this message received?

{
"status": 301,
"id": "IBCA5-NRG74-ROEI9",
"code": "moved",
"message": "The requested resource SHOULD be accessed through returned URI in Location Header."
}

Answer

The likely answer is that the API endpoint in the request did not include your correct deployment. Sumo Logic us1 endpoints begin api.sumologic.com. The endpoints in other deployments (e.g., us2, eu, au) look like api.<YOUR_DEPLOYMENT>.sumologic.com.

To determine which Sumo Logic API endpoint you should use, find the deployment pod referenced in your browser's Sumo Logic service URL.

If you see https://service.us2.sumologic.com, for example, that means you're running on the US2 pod and need to use the API endpoint https://api.us2.sumologic.com/api/. For the service URL https://service.eu.sumologic.com, you'd need to use the API endpoint https://api.eu.sumologic.com/api/, and so on. The only exception is the US1 pod (https://service.sumologic.com), which uses the API endpoint https://api.sumologic.com/api/.

To view all available endpoints, see Sumo Logic Endpoints.

API - 401 Error - Credential could not be verified

Question

When running a script that makes multiple requests to the Sumo Logic APIs, I sporadically receive the following error message with certain requests despite valid credentials and successful requests. Why does this occur?

{
"status": 401,
"id": "FRXHW-NB12G-HMYO6",
"code": "unauthorized",
"message": "Credential could not be verified."
}

Answer

To prevent possible brute force attacks, Sumo Logic throttles the number of authentication requests that can be made per minute to the service and APIs. The error message above may occur if you have exceeded the number of logins allowed over a one minute period.

The best practice for accessing the Sumo Logic APIs is to store and provide a session cookie with each follow up request during your session to the API, which will prevent the authentication throttling from occurring. A simple example for storing and providing a session cookie with cURL is shown below. This command (-c <file>) will store the session cookie within a text file called cookies.txt. This will also then pass the contents of the existing cookie file (-b <file>) with follow up request to the API.

curl -b cookies.txt -c cookies.txt -u '<username>:<password>' -X GET https://api.sumologic.com/api/v1/collectors
</password></username>

API - 403 Error - This operation is not allowed for your account type

Question

When running an API query for the Sumo Logic Search Job API, I'm receiving the following error message back from the requests. What does this mean?

{
"status": 403,
"id": "PGS9M-CLBT3-VUJ0T",
"code": "forbidden",
"message": "This operation is not allowed for your account type."
}

Answer

The API- 403 error occurs when you do not have access to the Search Job API, which is only available for Enterprise-level accounts. If you're currently on a Sumo Logic Free or Professional account, you'll receive this error message if you try to access these APIs.

If you need access to these APIs, reach out to your Sumo Logic sales representative or contact us for more information on upgrading your existing account.

Receiving 500 errors when using the Search Job API

Question

After making the initial call to the Search Job API, any follow up calls I make to query the status or results of the search job return a "500 Internal Server Error" or "Job ID is invalid". Is there an issue occurring with the service or job?

Answer

When making a request to the Search Job API, the original job query creates a session cookie, which must be stored and passed with any follow-up calls to the search job created. Sumo Logic routes the API requests to the server processing the search job based on the cookie provided with the request; if no cookie is provided the request may be passed to an incorrect server, resulting in a 500 error.

For example, when using cURL, we capture, store, and then pass the cookie back on the query request using the commands shown below:

Create the job

curl -b cookies.txt -c cookies.txt -H 'Content-type: application/json' -H 'Accept: application/json' -X POST -T createSearchJob.json --user <ACCESSID>:<ACCESSKEY> https://api.sumologic.com/api/v1/search/jobs

Query the Job

curl -v --trace-ascii - -b cookies.txt -c cookies.txt -H 'Accept: application/json' --user <ACCESSID>:<ACCESSKEY> https://api.sumologic.com/api/v1/search/jobs/<SEARCH_JOB_ID>

The Search Job API documentation provides an example of how to use the API (and does specify that cookies are to be supplied). Better error messaging around this type of error is under review and should be provided in a future release.

Search Job API results into formatted JSON file

When getting current Search Job API results, you can format them cleanly into a JSON file.

Using an open source Python tool called mjson that comes with the standard Python libraries, you can put your results in an easier to read format. You can reference the tool at the following links:

When running your command to get the results, simply add the following. Note the > results.txt which is saving the results to a file named results.txt.

| grep "\"_raw\":" | sed 's/^[ \t]*"_raw": "//g' | sed 's/",[ \t]*$//g' > results.txt

A full example command is as follows, note you must input your accessid and accesskey, as well as ensure the correct endpoint is set and set the search job ID given when creating the search job:

curl -sS -b cookies.txt -c cookies.txt -H "Accept: application/json" --user ACCESSID:ACCESSKEY "https://api.sumologic.com/api/v1/sea...=0&limit=10000" | grep "\"_raw\":" | sed 's/^[ \t]*"_raw": "//g' | sed 's/",[ \t]*$//g' > results.txt

Now that the results on in the file results.txt you can use the mjson.tool on the file to make it easier to read as follows:

cat results.txt | python -mjson.tool >> results.json

Now you have a new file results.json that will be much easier to read.

Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.