# `LogpointApi`
[🔗](https://github.com/MikaelFangel/logpoint_api/blob/v2.2.0/lib/logpoint_api.ex#L1)

Elixir library for interacting with the Logpoint API.

Build a client, then pass it to any domain module.

## Setup

    client = LogpointApi.client("https://logpoint.company.com", "admin", "secret")

## Search

    query = LogpointApi.search_params("user=*", "Last 24 hours", 100, ["127.0.0.1"])

    # Block until final results (polls automatically)
    {:ok, result} = LogpointApi.run_search(client, query)

    # Low-level primitives are still available
    alias LogpointApi.Core.Search

    {:ok, %{"search_id" => id}} = Search.get_id(client, query)
    {:ok, result}               = Search.get_result(client, id)
    {:ok, prefs}                = Search.user_preference(client)
    {:ok, repos}                = Search.logpoint_repos(client)

## Incidents

    alias LogpointApi.Core.Incident

    {:ok, incidents} = Incident.list(client, start_time, end_time)
    {:ok, states}    = Incident.list_states(client, start_time, end_time)
    {:ok, _}         = Incident.resolve(client, ["id1"])
    {:ok, _}         = Incident.close(client, ["id2"])
    {:ok, _}         = Incident.reopen(client, ["id3"])
    {:ok, _}         = Incident.assign(client, ["id1"], "user_id")
    {:ok, _}         = Incident.add_comments(client, [LogpointApi.comment("id1", "note")])
    {:ok, users}     = Incident.get_users(client)

## Alert Rules

    alias LogpointApi.Data.Rule
    alias LogpointApi.Core.AlertRule

    {:ok, rules} = AlertRule.list(client)
    {:ok, rule}  = AlertRule.get(client, "rule-id")
    {:ok, _}     = AlertRule.activate(client, ["id1", "id2"])
    {:ok, _}     = AlertRule.deactivate(client, ["id1"])
    {:ok, _}     = AlertRule.delete(client, ["id1"])

    # Builder-style alert rule creation
    rule =
      LogpointApi.rule("Brute Force Detection")
      |> Rule.description("Detects brute force login attempts")
      |> Rule.query("error_code=4625")
      |> Rule.time_range(1, :day)
      |> Rule.repos(["10.0.0.1"])
      |> Rule.limit(100)
      |> Rule.threshold(:greaterthan, 5)
      |> Rule.risk_level("high")
      |> Rule.aggregation_type("max")
      |> Rule.assignee("admin")

    {:ok, _} = AlertRule.create(client, rule)

    # Email notification
    alias LogpointApi.Data.EmailNotification

    notif =
      LogpointApi.email_notification(["rule-1"], "admin@example.com")
      |> EmailNotification.subject("Alert: {{ rule_name }}")
      |> EmailNotification.template("<p>Details</p>")

    {:ok, _} = AlertRule.create_email_notification(client, notif)

    # HTTP notification
    alias LogpointApi.Data.HttpNotification

    webhook =
      LogpointApi.http_notification(["rule-1"], "https://hooks.slack.com/abc", :post)
      |> HttpNotification.body(~s({"text": "{{ rule_name }}"}))
      |> HttpNotification.bearer_auth("my-token")

    {:ok, _} = AlertRule.create_http_notification(client, webhook)

## Logpoint Repos & User-Defined Lists

    alias LogpointApi.Core.LogpointRepo
    alias LogpointApi.Core.UserDefinedList

    {:ok, repos} = LogpointRepo.list(client)
    {:ok, lists} = UserDefinedList.list(client)

## SSL

    client = LogpointApi.client("https://192.168.1.100", "admin", "secret", ssl_verify: false)

# `client`

```elixir
@spec client(String.t(), String.t(), String.t(), keyword()) ::
  LogpointApi.Data.Client.t()
```

Create a client for the Logpoint API.

## Options

  * `:ssl_verify` - verify SSL certificates (default: `true`)

# `comment`

```elixir
@spec comment(String.t(), String.t() | [String.t()]) :: LogpointApi.Data.Comment.t()
```

Build an incident comment.

# `email_notification`

```elixir
@spec email_notification([String.t()], String.t() | [String.t()]) ::
  LogpointApi.Data.EmailNotification.t()
```

Build an email notification for alert rules.

# `http_notification`

```elixir
@spec http_notification([String.t()], String.t(), atom()) ::
  LogpointApi.Data.HttpNotification.t()
```

Build an HTTP notification for alert rules.

# `rule`

```elixir
@spec rule(String.t()) :: LogpointApi.Data.Rule.t()
```

Build an alert rule.

# `run_search`

```elixir
@spec run_search(
  LogpointApi.Data.Client.t(),
  LogpointApi.Data.SearchParams.t(),
  keyword()
) ::
  {:ok, map()} | {:error, term()}
```

Run a search and block until final results arrive.

Polls automatically, handling expired searches by resubmitting the query.

## Options

  * `:polling_interval` — milliseconds between polls (default: `1_000`)
  * `:max_attempts`     — maximum poll iterations (default: `30`)

# `search_params`

```elixir
@spec search_params(String.t(), String.t() | [number()], non_neg_integer(), [
  String.t()
]) ::
  LogpointApi.Data.SearchParams.t()
```

Build a search query.

# `search_params`

```elixir
@spec search_params(String.t(), number(), number(), non_neg_integer(), [String.t()]) ::
  LogpointApi.Data.SearchParams.t()
```

Build a search query with explicit start and end times.

---

*Consult [api-reference.md](api-reference.md) for complete listing*