Moogsoft Docs

getAlertIds

A Graze API GET request that returns the total number of alerts, and a list of the alert IDs, for a specified alert filter and a limit.

Note

Take special care when using endpoint getAlertIds. Overuse of this endpoint can have a negative impact on the backend datastore.

Back to Graze API EndPoint Reference.

Request arguments

Endpoint getAlertIds takes the following request arguments:

Name

Type

Required

Description

auth_token

String

Yes

A valid auth_token returned from the authenticate request. See the authenticate endpoint for more information.

query

String

A JSON or SQL-like alert filter.

limit

Number

Maximum number of alert IDs to return.

Response

Endpoint getAlertIds returns the following response:

Successful requests return a JSON object which contains alert details from the following:

Name

Type

Description

total_alerts

Number

Total number of alerts, or unique alerts.

alert_ids

Number list

A list of alert IDs.

API update behavior

The behavior of this endpoint depends on whether the relevant Situation is open, closed and still in the active database, or closed and archived to the historic database. This endpoint updates the Situation as follows:

See API Update Behavior for more information on Situation statuses.

Examples

The following examples demonstrate typical use of endpoint getAlertIds:

Request example

Example cURL request to return the first 20 alert IDs that satisfy the filter where the agent is not SYSLOG and the description matches "AUTH-SERVICE":

curl -G -u graze:graze -k -v "https://localhost/graze/v1/getAlertIds" --data-urlencode 'query=agent!=SYSLOG and description matches "AUTH-SERVICE"' --data-urlencode 'limit=20'
Response example

Example response returning the first 20 alert IDs:

{"total_alerts":20,"alert_ids":[78,234,737,1253,1459,1733,2166,2653,2855,3133,3414,3538,3729,3905,3991,4110,4160,4536,4692,4701]}