Endpoint
Authentication
Request body
SetContent-Type: application/x-ndjson (or application/json). The body must contain one JSON object per line. Each line represents a single log event. The body cannot be empty. Gzip-compressed bodies are supported: send Content-Encoding: gzip and Rootprint forwards it to Quickwit unchanged.
NDJSON (Newline Delimited JSON) means each log entry is a complete JSON object on its own line,
with a newline character (
\n) between entries. There is no wrapping array.Example request
Response
On success, Rootprint returns a200 response. Authentication errors (401, 403) are generated by Rootprint. Success responses and 4xx indexing errors (including 400 for an empty or unparseable body) come from the search engine.
The number of log events accepted for indexing in this request.
num_docs_for_processing is the count of documents accepted for indexing, not the count
successfully indexed. If individual documents fail validation against the index schema, the
search engine logs the failure on the server but the API response stays the same. Inspect the
search engine’s stdout (or your log shipper) when you suspect documents are being silently dropped.Error responses
| Status | Cause |
|---|---|
400 | The request body is empty or the payload could not be parsed |
401 | The Authorization header is missing or does not contain a bearer API key |
403 | The bearer key is not a valid ingest key (unknown or revoked key) |
404 | The target index no longer exists |
413 | A proxy or upstream service rejected the request as too large (Rootprint sets no body-size limit of its own) |
500 | Rootprint encountered an internal error |
503 | Rootprint could not reach Quickwit, or Quickwit is unhealthy or unavailable |
error object:
