Skip to main content
The ingest endpoint accepts a batch of log events as NDJSON and forwards them to the Quickwit index you specify. Logwiz acts as an authenticated gateway - your log shippers send data here instead of directly to Quickwit, so you can keep Quickwit private and manage access with per-index bearer tokens. If you want the full setup flow, see Send Logs.

Endpoint

POST /api/ingest/{indexId}

Authentication

Authorization: Bearer <your-ingest-token>
You must include a valid ingest token in every request. Create tokens in the Logwiz admin panel at Administration → Send Logs. A token can be scoped to specific index IDs; a request for an index outside its allowlist returns 403.

Path parameters

indexId
string
required
The ID of the Quickwit index to ingest logs into (for example, otel-logs-v0_9). The index must exist in Quickwit.

Query parameters

commit
string
Controls when Quickwit commits the ingested documents. Pass wait_for to block until the documents are indexed and immediately searchable. Omit this parameter to use Quickwit’s default commit behavior (asynchronous).Example: ?commit=wait_for

Request body

Set Content-Type: application/x-ndjson. The body must contain one JSON object per line. Each line represents a single log event. The body cannot be empty and must not exceed 10 MB.
NDJSON (Newline Delimited JSON) means each log entry is a complete JSON object on its own line, with a newline character (\n) between entries. There is no wrapping array.

Example request

curl -X POST 'https://logs.example.com/api/ingest/otel-logs-v0_9?commit=wait_for' \
  -H 'Authorization: Bearer logwiz_abc123' \
  -H 'Content-Type: application/x-ndjson' \
  --data-binary @- <<'EOF'
{"timestamp_nanos":1776340800000000000,"severity_text":"INFO","body":{"message":"User logged in"},"service_name":"frontend","attributes":{"user_id":"alice"},"resource_attributes":{},"trace_id":"","span_id":"","trace_flags":0,"observed_timestamp_nanos":1776340800000000000,"severity_number":9,"dropped_attributes_count":0,"resource_dropped_attributes_count":0,"scope_name":"","scope_version":"","scope_attributes":{},"scope_dropped_attributes_count":0}
{"timestamp_nanos":1776340860000000000,"severity_text":"ERROR","body":{"message":"Connection timeout"},"service_name":"api-gateway","attributes":{},"resource_attributes":{},"trace_id":"","span_id":"","trace_flags":0,"observed_timestamp_nanos":1776340860000000000,"severity_number":17,"dropped_attributes_count":0,"resource_dropped_attributes_count":0,"scope_name":"","scope_version":"","scope_attributes":{},"scope_dropped_attributes_count":0}
EOF
The index ID otel-logs-v0_9 is the standard name for an OpenTelemetry logs index created by Quickwit’s OTel ingest API. If you set up Quickwit using its default OTel configuration, this is the index you should target.

Response

Logwiz proxies the response from Quickwit directly. On success, Quickwit returns 200.
num_docs_for_processing
number
The number of log events accepted for indexing in this request.
Example success response: 
{ "num_docs_for_processing": 2 }

Error responses

StatusCause
400The request body is empty or the payload could not be parsed
401The Authorization header is missing or does not contain a bearer token
403The token is invalid, revoked, or not scoped for the requested index
404The specified index does not exist in Quickwit
413The request body exceeds the 10 MB limit
429The rate limit for the ingest endpoint has been exceeded
502Logwiz could not reach Quickwit to forward the request
503Quickwit is unhealthy or unavailable
All error responses include a JSON body with a message field: 
{ "message": "Invalid ingest token" }