Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rootprint.io/llms.txt

Use this file to discover all available pages before exploring further.

The ingest endpoint accepts a batch of log events as NDJSON and forwards them to the Quickwit index attached to your ingest API key. Rootprint acts as an authenticated gateway - your log shippers send data here instead of directly to Quickwit, so you can keep Quickwit private and manage access with per-index API keys. If you want the full setup flow, see Send Logs.

Endpoint

POST /api/ingest/ndjson

Authentication

Authorization: Bearer <your-ingest-token>
You must include a valid ingest API key in every request. Create API keys in the Rootprint web UI at Settings → API keys. Each key is scoped to exactly one index; Rootprint uses that index when forwarding the request to Quickwit.

Request body

Set Content-Type: application/x-ndjson. The body must contain one JSON object per line. Each line represents a single log event. The body cannot be empty.
NDJSON (Newline Delimited JSON) means each log entry is a complete JSON object on its own line, with a newline character (\n) between entries. There is no wrapping array.

Example request

curl -X POST 'https://your-rootprint-host/api/ingest/ndjson' \
  -H 'Authorization: Bearer lwit_abc123' \
  -H 'Content-Type: application/x-ndjson' \
  --data-binary @- <<'EOF'
{"timestamp_nanos":1776340800000000000,"severity_text":"INFO","body":{"message":"User logged in"},"service_name":"frontend","attributes":{"user_id":"alice"},"resource_attributes":{},"trace_id":"","span_id":"","trace_flags":0,"observed_timestamp_nanos":1776340800000000000,"severity_number":9,"dropped_attributes_count":0,"resource_dropped_attributes_count":0,"scope_name":"","scope_version":"","scope_attributes":{},"scope_dropped_attributes_count":0}
{"timestamp_nanos":1776340860000000000,"severity_text":"ERROR","body":{"message":"Connection timeout"},"service_name":"api-gateway","attributes":{},"resource_attributes":{},"trace_id":"","span_id":"","trace_flags":0,"observed_timestamp_nanos":1776340860000000000,"severity_number":17,"dropped_attributes_count":0,"resource_dropped_attributes_count":0,"scope_name":"","scope_version":"","scope_attributes":{},"scope_dropped_attributes_count":0}
EOF
Rootprint targets the index configured on the ingest API key. Check the key in Settings → API keys if you need to confirm where a shipper writes.

Response

On success, Rootprint passes Quickwit’s 200 response straight through. Authentication and empty-body errors (401, 403, 400) are generated by Rootprint itself; status codes from indexing are proxied from Quickwit.
num_docs_for_processing
number
The number of log events accepted for indexing in this request.
Example success response: 
{ "num_docs_for_processing": 2 }
num_docs_for_processing is the count of documents accepted for indexing, not the count successfully indexed. If individual documents fail validation against the index schema, Quickwit logs the failure on the server but the API response stays the same. Inspect Quickwit’s stdout (or your log shipper) when you suspect documents are being silently dropped.

Error responses

StatusCause
400The request body is empty or the payload could not be parsed
401The Authorization header is missing or does not contain a bearer API key
403The bearer key is not a valid ingest key (unknown key, or wrong role)
404The upstream index no longer exists in Quickwit
413A proxy or upstream service rejected the request as too large (Rootprint sets no body-size limit of its own)
500Rootprint encountered an internal error
503Rootprint could not reach Quickwit, or Quickwit is unhealthy or unavailable
App-level error responses include a JSON body with an error object: 
{
  "error": {
    "code": "INGEST_INVALID_TOKEN",
    "message": "Invalid ingest token",
    "statusCode": 403,
    "requestId": "req_abc123"
  }
}