Incident Filters

Some requests that handle Incidents allow you to filter returned incidents based on the fields of the incident itself or the entity that generated it.

Incident filters have the following structure:

"filter": [
    [
        // filter
    ]
],
...

You can also use logical operations $and and $or to combine the filters:

"filter": [
    [
        "$and",
        [
            [
                "$or",
                [
                    [
                        // filter
                    ],
                    [
                        // filter
                    ]
                ]
            ],
            [
                // filter
            ],
            [
                // filter
            ]
        ]
    ]
],
...

Available filters

Replace the // filter lines in the examples above to apply these filters.

Incident Fields

The following filters handle the fields of the incident.

Registered time

Use this filter to get incidents that were registered between timestamps specified in from and to.

"timestamp",
{
  "from": 1660734896160,
  "to": 1660738496160
}

Occurred time

Use this filter to get incidents that occurred between timestamps specified in from and to.

"localTimestamp",
{
  "from": 1660133723209,
  "to": 1660738523209
}

Cleared time

Use this filter to get incidents that were cleared between timestamps specified in from and to.

"clearTimestamp",
{
  "from": 1660734972645,
  "to": 1660738572645
}

Use this filter to get incidents that were generated by a specific entity.

Entity ID has to be prefixed by the entity type — objects-... for objects and links-... for links.

"entity",
"objects-61576794877b1d7a1f43c59e"

Severity

Use this filter to get incidents that have a specified severity.

"severity",
// Array of severity IDs
[
  1,
  ...,
  "5c0f67acf2a9273067af328f"
]

Text

Use this filter to get the incidents whose text field matches the specified condition.

Available logical operations:

  • Equals: _eq

  • Not Equals: _neq

  • Matches: _m

  • Contains: _ct

  • Doesn’t contain: _nct

"text",
{
  "value": "Text",
  "op": "_eq"
}

Acknowledged by

You can return the incidents that have been acknowledged by a specified user.

"acknowledgedBy",
"5a0b26b8c9a7733f56b01a16"// ID of a user who acknowledged an incident

Comment

Use this filter to get the incidents whose comment matches the specified condition.

Available logical operations:

  • Equals: _eq

  • Not Equals: _neq

  • Matches: _m

  • Contains: _ct

  • Doesn’t contain: _nct

"comment",
{
  "value": "Comment",
  "op": "_eq"
}

Transition time

Use this filter to get incidents whose entity last updated its State between timestamps specified in from and to.

"lastStateUpdate",
{
  "from": 1660736721329,
  "to": 1660740321329
}

Field comparison

You can return incidents, whose fields match the specified logical operation.

Fields, available for comparison:

  • Registered time: timestamp

  • Occurred time: localTimestamp

  • Cleared time: clearTimestamp

  • Last state update time: lastStateUpdate

  • Object creation time: created

Available operations:

  • Equals: _eq

  • Not Equals: _neq

  • Matches: _m

  • Contains: _ct

  • Doesn’t contain: _nct

[
  "timestamp",
  "clearTimestamp"
],
"_eq"

Entity Fields

The following filters handle the fields of entities that generated the incident.

Class

You can filter incidents by the class of the entity that generated them.

"classId",
"591c4ea02d84db763e226ced"// ID of the class

Property

Use this filter to get the incidents whose specified property matches the specified condition.

Available operations:

  • Equals: _eq

  • Not Equals: _neq

  • Matches: _m

  • Contains: _ct

  • Doesn’t contain: _nct

"property",
{
    "value": "value",
    "property": "property_name",
    "op": "_neq"
}

State

With this filter, you can only returned incidents that were generated by the entities that are currently in one of the specified states.

"stateId",
// Array of state IDs
[
  "1",
  ...
  "591c4ea02d84db763e226ced"
]

Tags

You can use entities' tags to filter incidents.

"tags",
"583c54b8a9d2d27713e1be22"