Incident Filters
Some requests that handle Incidents allow you to filter returned incidents based on the fields of the incident itself or the entity that generated it.
Incident filters have the following structure:
"filter": [
[
// filter
]
],
...You can also use logical operations $and and $or to combine the filters:
"filter": [
[
"$and",
[
[
"$or",
[
[
// filter
],
[
// filter
]
]
],
[
// filter
],
[
// filter
]
]
]
],
...Available filters
Replace the // filter lines in the examples above to apply these filters.
Incident Fields
The following filters handle the fields of the incident.
Registered time
Use this filter to get incidents that were registered between timestamps specified in from and to.
"timestamp",
{
"from": 1660734896160,
"to": 1660738496160
}Occurred time
Use this filter to get incidents that occurred between timestamps specified in from and to.
"localTimestamp",
{
"from": 1660133723209,
"to": 1660738523209
}Cleared time
Use this filter to get incidents that were cleared between timestamps specified in from and to.
"clearTimestamp",
{
"from": 1660734972645,
"to": 1660738572645
}Object/link
Use this filter to get incidents that were generated by a specific entity.
Entity ID has to be prefixed by the entity type — objects-... for objects and links-... for links.
"entity",
"objects-61576794877b1d7a1f43c59e"Severity
Use this filter to get incidents that have a specified severity.
"severity",
// Array of severity IDs
[
1,
...,
"5c0f67acf2a9273067af328f"
]Text
Use this filter to get the incidents whose text field matches the specified condition.
Available logical operations:
-
Equals:
_eq -
Not Equals:
_neq -
Matches:
_m -
Contains:
_ct -
Doesn’t contain:
_nct
"text",
{
"value": "Text",
"op": "_eq"
}Acknowledged by
You can return the incidents that have been acknowledged by a specified user.
"acknowledgedBy",
"5a0b26b8c9a7733f56b01a16"// ID of a user who acknowledged an incidentComment
Use this filter to get the incidents whose comment matches the specified condition.
Available logical operations:
-
Equals:
_eq -
Not Equals:
_neq -
Matches:
_m -
Contains:
_ct -
Doesn’t contain:
_nct
"comment",
{
"value": "Comment",
"op": "_eq"
}Transition time
Use this filter to get incidents whose entity last updated its State between timestamps specified in from and to.
"lastStateUpdate",
{
"from": 1660736721329,
"to": 1660740321329
}Field comparison
You can return incidents, whose fields match the specified logical operation.
Fields, available for comparison:
-
Registered time:
timestamp -
Occurred time:
localTimestamp -
Cleared time:
clearTimestamp -
Last state update time:
lastStateUpdate -
Object creation time:
created
Available operations:
-
Equals:
_eq -
Not Equals:
_neq -
Matches:
_m -
Contains:
_ct -
Doesn’t contain:
_nct
[
"timestamp",
"clearTimestamp"
],
"_eq"Entity Fields
The following filters handle the fields of entities that generated the incident.
Class
You can filter incidents by the class of the entity that generated them.
"classId",
"591c4ea02d84db763e226ced"// ID of the classProperty
Use this filter to get the incidents whose specified property matches the specified condition.
Available operations:
-
Equals:
_eq -
Not Equals:
_neq -
Matches:
_m -
Contains:
_ct -
Doesn’t contain:
_nct
"property",
{
"value": "value",
"property": "property_name",
"op": "_neq"
}