Query data source rows
Run a synchronous ad-hoc query against a configured data source and get back its raw rows. Used by Flashduty AI SRE and by UI preview. The request is forwarded over WebSocket to monit-edge, which executes the query against the underlying source (Prometheus / Loki / VictoriaLogs / SLS / MySQL / Postgres / Oracle / ClickHouse / Elasticsearch).
Restrictions
| Aspect | Value |
|---|---|
| Rate limits | 600 requests/minute; 10 requests/second per account |
| Permissions | Any valid app_key (read-only; not gated by a specific permission class) |
Usage
- The request is forwarded to
monit-edgeover WebSocket; the data source named byds_type+ds_namemust already exist under the calling account. account_idin the body is optional. When supplied it must equal the authenticated account; mismatched values are rejected.- Two error layers: webapi-level failures use the standard error envelope, but errors raised by
monit-edgewhile executing the query are returned as HTTP 200 with anerrorobject in the body. Always check the response body forerrorin addition to the HTTP status. - monit-edge enforces a row cap; large result sets come back as
error.message = "too many rows". Narrow the time range or aggregate at the source. argsis a polymorphicstring→stringmap that is forwarded verbatim. Semantics depend onds_type(SLS requiressls.project+sls.logstore; Loki / VictoriaLogs raw mode requires a time range via*.start/*.endor*.timespan.value/*.timespan.unit; Prometheus and SQL sources ignore it). See the monit-webapi query-api docs for the per-source key list.
Authorizations
App key issued from the Flashduty console under Account → APP Keys. Required on every public API call. Keep it secret — it grants the same access as the owning account.
Body
Data source type; must match a configured data source under the tenant. Examples: prometheus, loki, victorialogs, sls, elasticsearch, mysql, postgres, oracle, clickhouse.
Data source name; must match a configured data source under the tenant.
Query expression. Syntax depends on ds_type and is interpreted by the corresponding monit-edge client (PromQL for Prometheus, LogQL for Loki, SQL for SQL sources, etc.).
Optional consistency check. Must equal the authenticated account when supplied; mismatched values are rejected. Business execution always uses the authenticated account.
Look-back offset in seconds applied to point-in-time queries (Prometheus, Loki stats, VictoriaLogs stats). Ignored for raw / detail queries.
Polymorphic key/value extension parameters forwarded verbatim to monit-edge. All values must be strings. Semantics depend on ds_type: SLS requires sls.project + sls.logstore; Loki / VictoriaLogs raw mode requires a time range via <source>.start/<source>.end or <source>.timespan.value + <source>.timespan.unit; Prometheus and SQL sources ignore it. Always namespace keys by source (e.g. sls.project, loki.type).
Response
Success
Success response envelope. On every 2xx response, request_id identifies the call (also mirrored in the Flashcat-Request-Id header) and data holds the endpoint-specific payload. Failure responses use a different shape — see ErrorResponse.
Unique ID for this request. Mirrored in the Flashcat-Request-Id response header. Include it when reporting issues.
"01HK8XQE3Z7JM2NTFQ5YJ8P9R4"
Result rows. Different data sources populate fields vs values differently — metric sources (Prometheus, *-stats) put numbers into values; detail sources (SQL, SLS, raw logs) put data into fields and may return values: null.