Incident Filters
Some requests that handle Incidents allow you to filter returned incidents based on the fields of the incident itself or the entity that generated it.
Incident filters have the following structure:
"filter": [
[
// filter
]
],
...
You can also use logical operations $and
and $or
to combine the filters:
"filter": [
[
"$and",
[
[
"$or",
[
[
// filter
],
[
// filter
]
]
],
[
// filter
],
[
// filter
]
]
]
],
...
Available filters
Replace the // filter
lines in the examples above to apply these filters.
Incident Fields
The following filters handle the fields of the incident.
Registered time
Use this filter to get incidents that were registered between timestamps specified in from
and to
.
"timestamp",
{
"from": 1660734896160,
"to": 1660738496160
}
Occurred time
Use this filter to get incidents that occurred between timestamps specified in from
and to
.
"localTimestamp",
{
"from": 1660133723209,
"to": 1660738523209
}
Cleared time
Use this filter to get incidents that were cleared between timestamps specified in from
and to
.
"clearTimestamp",
{
"from": 1660734972645,
"to": 1660738572645
}
Object/link
Use this filter to get incidents that were generated by a specific entity.
Entity ID has to be prefixed by the entity type — objects-...
for objects and links-...
for links.
"entity",
"objects-61576794877b1d7a1f43c59e"
Severity
Use this filter to get incidents that have a specified severity.
"severity",
// Array of severity IDs
[
1,
...,
"5c0f67acf2a9273067af328f"
]
Text
Use this filter to get the incidents whose text
field matches the specified condition.
Available logical operations:
-
Equals:
_eq
-
Not Equals:
_neq
-
Matches:
_m
-
Contains:
_ct
-
Doesn’t contain:
_nct
"text",
{
"value": "Text",
"op": "_eq"
}
Acknowledged by
You can return the incidents that have been acknowledged by a specified user.
"acknowledgedBy",
"5a0b26b8c9a7733f56b01a16"// ID of a user who acknowledged an incident
Comment
Use this filter to get the incidents whose comment matches the specified condition.
Available logical operations:
-
Equals:
_eq
-
Not Equals:
_neq
-
Matches:
_m
-
Contains:
_ct
-
Doesn’t contain:
_nct
"comment",
{
"value": "Comment",
"op": "_eq"
}
Transition time
Use this filter to get incidents whose entity last updated its State between timestamps specified in from
and to
.
"lastStateUpdate",
{
"from": 1660736721329,
"to": 1660740321329
}
Field comparison
You can return incidents, whose fields match the specified logical operation.
Fields, available for comparison:
-
Registered time:
timestamp
-
Occurred time:
localTimestamp
-
Cleared time:
clearTimestamp
-
Last state update time:
lastStateUpdate
-
Object creation time:
created
Available operations:
-
Equals:
_eq
-
Not Equals:
_neq
-
Matches:
_m
-
Contains:
_ct
-
Doesn’t contain:
_nct
[
"timestamp",
"clearTimestamp"
],
"_eq"
Entity Fields
The following filters handle the fields of entities that generated the incident.
Class
You can filter incidents by the class of the entity that generated them.
"classId",
"591c4ea02d84db763e226ced"// ID of the class
Property
Use this filter to get the incidents whose specified property matches the specified condition.
Available operations:
-
Equals:
_eq
-
Not Equals:
_neq
-
Matches:
_m
-
Contains:
_ct
-
Doesn’t contain:
_nct
"property",
{
"value": "value",
"property": "property_name",
"op": "_neq"
}