getAlertIds

A Graze API GET request that returns the total number of alerts, and a list of the alert IDs, for a specified alert filter and a limit.

Note

Take special care when using endpoint getAlertIds. Overuse of this endpoint can have a negative impact on the backend datastore.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getAlertIds takes the following request arguments:

Name

Type

Required

Description

auth_token

String

Yes

A valid auth_token returned from the authenticate request. See the authenticate endpoint for more information.

query

String

A JSON or SQL-like filter that alerts must match to be returned.

See Filter Search Data for more information on creating SQL-like filters.

limit

Number

Maximum number of alert IDs to return.

Response

Endpoint getAlertIds returns the following response:

Successful requests return a JSON object which contains alert details from the following:

Name

Type

Description

total_alerts

Number

Total number of alerts, or unique alerts.

alert_ids

Number list

A list of alert IDs.

Examples

The following examples demonstrate typical use of endpoint getAlertIds:

Request example

Example cURL request to return the first 20 alert IDs that satisfy the filter where the agent is not SYSLOG and the description matches "AUTH-SERVICE":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertIds" --data-urlencode 'query=agent!=SYSLOG and description matches "AUTH-SERVICE"' --data-urlencode 'limit=20'

Response example

Example response returning the first 20 alert IDs:

{
    "total_alerts":20,
    "alert_ids":[78,234,737,1253,1459,1733,2166,2653,2855,3133,3414,3538,3729,3905,3991,4110,4160,4536,4692,4701]
}