IBM Security QRadar SOAR


Extracting incident information from Resilient

  • 1.  Extracting incident information from Resilient

    Posted Tue February 16, 2021 10:54 AM
    Have a couple of questions before integration:

    • Does Resilient support push mechanism to send incident information (create/update events) to an end point (may be syslog end point)?
    • Can we get specific fields in the API response rather than getting the whole incident response?
    • Can we get custom fields like time to resolve, time to detect field in API response?
    • Support for time filtering in API calls, as I couldn't find any in the documentation. E.g., let's say I want to bring all the incidents created/updated/closed in the last 24 hours.
    • Since we are using Java as core tech, can you share any sample example covering "Authorization" for hitting the Resilient API?
    • Is it possible to pull only snapshots of those tickets that were updated between a given period?
    • Support of incremental updates
    • Any throttling limits from a tech perspective which we should be aware of?
    Thanks
    Puneet

    ------------------------------
    Puneet Chawla
    ------------------------------


  • 2.  RE: Extracting incident information from Resilient

    Posted Fri March 19, 2021 04:10 PM

    Hi Puneet,

    Sorry for the delay in responding. There are a number of questions here which I probably won't answer completely, but I'll try to respond to most.

    Does Resilient support push mechanism to send incident information (create/update events) to an end point (may be syslog end point)?
    >> The rc-data-feed capability is one capability to support this. It's a generalized mechanism for sending incident data to a variety of endpoint data sources such as ODBC databases, Splunk, Elastic, Kafka, a simple file solution and a downstream Resilient. Unfortunately there is no syslog plugin. I'd recommend you look at the documentation and see if you can create your own plugin. The plugins I mentioned may be helpful as reference examples. The code can be found in GitHub: https://github.com/ibmresilient/resilient-community-apps/tree/master/rc-data-feed and https://github.com/ibmresilient/resilient-community-apps/tree/master/rc-data-feed-plugin-filefeed

    Can we get specific fields in the API response rather than getting the whole incident response?
    >> This would be a filtering operation you can do once you get the entire incident.

    Can we get custom fields like time to resolve, time to detect field in API response?
    >> If you've defined custom fields, those would be included in the incident data. Incident timers are not part of the information returned; you can get that information using an API call referencing the incident Id: /orgs/{org_id}/timers

    Support for time filtering in API calls, as I couldn't find any in the documentation. E.g., let's say I want to bring all the incidents created/updated/closed in the last 24 hours.
    >> If you're writing your own application using the Resilient APIs, look at the /search_ex API call. It allows you to specify a variety of search conditions, such as updated or closed time. Be aware that timestamps are in millisecond epoch format.

    Since we are using Java as core tech, can you share any sample example covering "Authorization" for hitting the Resilient API?
    >> I was unable to find specific examples in our github repository for Java. I will see if anything exists internally.

    Is it possible to pull only snapshots of those tickets that were updated between a given period?
    >> No. Only the current state of an incident is available.

    Any throttling limits from a tech perspective which we should be aware of?
    >> No. But be aware that API calls are metered for usage.



    ------------------------------
    Mark Scherfling
    ------------------------------
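As an added example (not code from the thread, nor from IBM's SDK or the community apps repo), a small Python sketch of two points from the reply above: a /search_ex request body bounded by millisecond-epoch timestamps for the last 24 hours, and client-side filtering of the full incident JSON down to the built-in and custom fields you actually need. The request-body layout, the date field names and the nesting of custom fields under "properties" are assumptions to verify against your server's REST API reference; the sample incident is constructed.

```python
"""Helpers for two patterns from the thread: bounding a /search_ex query to
a time window expressed in millisecond epoch, and projecting the full
incident record down to selected fields after retrieval."""
import json
import time

MS_PER_HOUR = 60 * 60 * 1000


def window_ms(now_ms, hours=24):
    """Return (start, end) millisecond-epoch bounds for the last `hours`."""
    return now_ms - hours * MS_PER_HOUR, now_ms


def build_search_ex_body(org_id, start_ms, end_ms,
                         date_field="inc_last_modified_date"):
    """Body for POST /rest/search_ex restricted to one incident date field.
    ASSUMED layout: filters keyed by object type, each a list of condition
    groups {field_name, method, value}; confirm against your API docs.
    Values are millisecond epoch, as the reply notes (not seconds)."""
    conditions = [
        {"field_name": date_field, "method": "gte", "value": start_ms},
        {"field_name": date_field, "method": "lte", "value": end_ms},
    ]
    return {
        "org_id": org_id,
        "query": "",
        "types": ["incident"],
        "filters": {"incident": [{"conditions": conditions}]},
    }


def project_incident(incident, fields, custom_fields=()):
    """Keep only the requested built-in fields plus custom fields, which
    are ASSUMED to be returned nested under the incident's 'properties'.
    Missing fields come back as None rather than raising."""
    out = {f: incident.get(f) for f in fields}
    props = incident.get("properties") or {}
    for name in custom_fields:
        out[name] = props.get(name)
    return out


if __name__ == "__main__":
    start, end = window_ms(int(time.time() * 1000))
    print(json.dumps(build_search_ex_body(201, start, end), indent=2))
    # Constructed sample incident, not real API output.
    sample = {"id": 2095, "name": "Suspicious login", "plan_status": "A",
              "create_date": start + 5 * MS_PER_HOUR,
              "properties": {"time_to_detect": 3600}}
    print(project_incident(sample, ["id", "name", "create_date"],
                           ["time_to_detect", "time_to_resolve"]))
```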