Skip to main content

getAlertIds

A Graze API GET request that returns the total number of alerts, and a list of the alert IDs, for a specified alert filter and a limit.

Note

Take special care when using endpoint getAlertIds. Overuse of this endpoint can have a negative impact on the backend datastore.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getAlertIds takes the following request arguments:

Name

Type

Required

Description

auth_token

String

Yes

A valid auth_token returned from the authenticate request. Alternatively, basic authenticate headers can be used in place of this parameter. See the authenticate endpoint for more information and usage examples.

query

String

Yes

An SQL-like filter that alerts must match to be returned.

See Filter Search Data for more information on creating SQL-like filters.

limit

Number

Yes

Maximum number of alert IDs to return.

Response

Endpoint getAlertIds returns the following response:

Successful requests return a JSON object which contains alert details from the following:

Name

Type

Description

total_alerts

Number

Total number of alerts, or unique alerts.

alert_ids

JSON Array

A list of alert IDs.

Examples

The following examples demonstrate typical use of endpoint getAlertIds:

Request example

Example cURL request to return the first 20 alert IDs that satisfy the filter where the agent is not SYSLOG and the description matches "AUTH-SERVICE":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertIds" --data-urlencode 'query=agent!=SYSLOG and description matches "AUTH-SERVICE"' --data-urlencode 'limit=20'

Response example

Example response returning the first 20 alert IDs:

{
    "total_alerts":20,
    "alert_ids":[78,234,737,1253,1459,1733,2166,2653,2855,3133,3414,3538,3729,3905,3991,4110,4160,4536,4692,4701]
}