Skip to main content
The ingest endpoint accepts a batch of log events as NDJSON and ingests them into the index attached to your ingest API key. Your log shippers authenticate with a per-index ingest API key, so you manage access centrally and each key writes only to its own index. If you want the full setup flow, see Send Logs.

Endpoint

Authentication

You must include a valid ingest API key in every request. Create ingest keys in the Rootprint web UI at Settings → API keys. Each key is scoped to exactly one index; Rootprint uses that index as the ingestion target.

Request body

Set Content-Type: application/x-ndjson (or application/json). The body must contain one JSON object per line. Each line represents a single log event. The body cannot be empty. Gzip-compressed bodies are supported: send Content-Encoding: gzip and Rootprint forwards it to Quickwit unchanged.
NDJSON (Newline Delimited JSON) means each log entry is a complete JSON object on its own line, with a newline character (\n) between entries. There is no wrapping array.

Example request

Rootprint targets the index configured on the ingest API key. Check the key in Settings → API keys if you need to confirm where a shipper writes.

Response

On success, Rootprint returns a 200 response. Authentication errors (401, 403) are generated by Rootprint. Success responses and 4xx indexing errors (including 400 for an empty or unparseable body) come from the search engine.
num_docs_for_processing
number
The number of log events accepted for indexing in this request.
Example success response:
num_docs_for_processing is the count of documents accepted for indexing, not the count successfully indexed. If individual documents fail validation against the index schema, the search engine logs the failure on the server but the API response stays the same. Inspect the search engine’s stdout (or your log shipper) when you suspect documents are being silently dropped.

Error responses

StatusCause
400The request body is empty or the payload could not be parsed
401The Authorization header is missing or does not contain a bearer API key
403The bearer key is not a valid ingest key (unknown or revoked key)
404The target index no longer exists
413A proxy or upstream service rejected the request as too large (Rootprint sets no body-size limit of its own)
500Rootprint encountered an internal error
503Rootprint could not reach Quickwit, or Quickwit is unhealthy or unavailable
App-level error responses include a JSON body with an error object: