Original Message:
Sent: Wed October 16, 2019 09:40 AM
From: Howard Lu
Subject: API Query Examples
Yes you can. In the "filters" section, there is a "logic_type" field you can specify. It defaults to ALL (meaning a logical AND). You can specify it to be "any", which is a logical OR.
{
  "filters": [
    {
      "conditions": [
        {
          "field_name": "create_date",
          "method": "gte",
          "value": 1546318800000
        },
        {
          "field_name": "create_date",
          "method": "lte",
          "value": 1554091200000
        }
      ],
      "logic_type": "any"
    }
  ]
}
Hope that helps!
------------------------------
Howard Lu
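How the two "logic_type" settings select incidents, as an added example that is not part of the original post and not Resilient's own code: a small local model of the AND/OR semantics described above, run over constructed incidents. The incident records, the plan_status value "A" and the case-insensitive comparison of logic_type are assumptions of this sketch.

```python
# Local model of one "filters" entry: AND ("all", the default) or OR ("any").
OPS = {
    "equals": lambda field, value: field == value,
    "gte": lambda field, value: field >= value,
    "lte": lambda field, value: field <= value,
}

def filter_matches(incident, flt):
    """Evaluate every condition, then combine with all() or any()."""
    results = [OPS[c["method"]](incident[c["field_name"]], c["value"])
               for c in flt["conditions"]]
    # Assumption of this model: logic_type is compared case-insensitively.
    combine = any if flt.get("logic_type", "all").lower() == "any" else all
    return combine(results)

def select_ids(incidents, flt):
    return [i["id"] for i in incidents if filter_matches(i, flt)]

# Constructed incidents: created in Dec 2018, Feb 2019 and May 2019.
INCIDENTS = [
    {"id": 1, "plan_status": "C", "create_date": 1543640400000},
    {"id": 2, "plan_status": "A", "create_date": 1550188800000},
    {"id": 3, "plan_status": "A", "create_date": 1556668800000},
]

# The two bounds from the thread (Jan 1 and Apr 1 of 2019).
DATE_CONDITIONS = [
    {"field_name": "create_date", "method": "gte", "value": 1546318800000},
    {"field_name": "create_date", "method": "lte", "value": 1554091200000},
]

# OR across two different fields: closed incidents, or incident 3.
STATUS_OR_ID = [
    {"field_name": "plan_status", "method": "equals", "value": "C"},
    {"field_name": "id", "method": "equals", "value": 3},
]

if __name__ == "__main__":
    for conds in (DATE_CONDITIONS, STATUS_OR_ID):
        for logic in ("all", "any"):
            flt = {"conditions": conds, "logic_type": logic}
            print(logic, select_ids(INCIDENTS, flt))
```

With both bounds on the same field, "any" also selects incidents outside the range, because each of them satisfies one of the two bounds; a "between" query needs the default ALL logic.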
Original Message:
Sent: Tue October 15, 2019 11:23 PM
From: MSS Engineer
Subject: API Query Examples
The listed conditions in the "filters" section are AND conditions. May I know if there is any option if I need an API query with an OR condition?
------------------------------
MSS Engineer
Original Message:
Sent: Wed April 03, 2019 10:46 AM
From: Howard Lu
Subject: API Query Examples
Hi Juan,
Yes you can. The Resilient UI uses the same Resilient REST API. So any conditions you see in the UI you can achieve using the REST API as well.
In this case,
{
  "filters": [
    {
      "conditions": [
        {
          "field_name": "create_date",
          "method": "gte",
          "value": 1546318800000
        },
        {
          "field_name": "create_date",
          "method": "lte",
          "value": 1554091200000
        }
      ]
    }
  ]
}
you could put multiple conditions that the "create_date" is before a certain time, and after a certain time. The time value here is the "epoch time" measured in milliseconds. There are plenty of converters which will convert a human readable date into an epoch time. e.g. https://www.epochconverter.com/
Again, these values are in milliseconds, so make sure you use that. In the code sample I pasted above, those times translate to Jan 1 and Apr 1 of 2019.
Hope this is helpful! Good luck.
------------------------------
Howard Lu
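Building the "between" dates payload from dates instead of hand-converted numbers, as an added example that is not part of the original post: it converts timezone-aware datetimes to epoch milliseconds and guards against the seconds-versus-milliseconds mix-up. The helper names are hypothetical; the two fixed UTC offsets are chosen because midnight at UTC-5 on Jan 1 and at UTC-4 on Apr 1 reproduce the values quoted above.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_epoch_ms(dt):
    """Timezone-aware datetime -> epoch milliseconds (integer arithmetic)."""
    if dt.tzinfo is None or dt.utcoffset() is None:
        # A naive datetime would silently take the local zone of whatever
        # machine runs the report, shifting the range by hours.
        raise ValueError("naive datetime: attach an explicit timezone first")
    return (dt - EPOCH) // timedelta(milliseconds=1)

def looks_like_seconds(value):
    """Heuristic guard: 10**11 ms is March 1973, while 10**11 s is past the
    year 5000, so a present-day value below 10**11 was given in seconds."""
    return abs(value) < 10**11

def date_range_query(field_name, start, end):
    """Query body for start <= field <= end, using the default ALL logic."""
    lo, hi = to_epoch_ms(start), to_epoch_ms(end)
    if lo > hi:
        raise ValueError("start is after end")
    return {"filters": [{"conditions": [
        {"field_name": field_name, "method": "gte", "value": lo},
        {"field_name": field_name, "method": "lte", "value": hi},
    ]}]}

# Fixed offsets (assumption of this example, see the lead-in).
UTC_MINUS_5 = timezone(timedelta(hours=-5))
UTC_MINUS_4 = timezone(timedelta(hours=-4))

def thread_example():
    return date_range_query("create_date",
                            datetime(2019, 1, 1, tzinfo=UTC_MINUS_5),
                            datetime(2019, 4, 1, tzinfo=UTC_MINUS_4))

if __name__ == "__main__":
    import json
    print(json.dumps(thread_example(), indent=2))
```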
Original Message:
Sent: Wed April 03, 2019 10:06 AM
From: Juan Cruz Del Col
Subject: API Query Examples
Excellent, it worked perfectly. I had not noticed that the ID should be used as it is a selection field.
Is it possible to make a condition by "between" dates?
How would the date format be?
For example, I need to obtain the same information that is shown in the report (image), but using a query via REST to send the data to a BI
------------------------------
Juan Cruz Del Col
Original Message:
Sent: Tue April 02, 2019 10:43 AM
From: Howard Lu
Subject: API Query Examples
Hi Juan,
First off, in your "conditions", you don't specify the "type" field. The documentation for "type" reads:
The type for the condition. This property is for UI side use only, useful for storing unit of time in date time filters like (minutes, hours, days)
So go ahead and omit it.
Unfortunately, for a select field, you will need to specify the "id" of the value and not the name.
{
  "filters": [
    {
      "conditions": [
        {
          "method": "equals",
          "field_name": "properties.cola_de_atencion",
          "value": <ID>
        }
      ]
    }
  ],
  "sorts": [
    {
      "field_name": "plan_status",
      "type": "desc"
    }
  ],
  "start": 0,
  "length": 0,
  "recordsTotal": 0
}
You can look up the "id" of your custom field value by accessing the Types REST endpoint.
https://<serverURL>/rest/orgs/<org_id>/types/incident/fields/cola_de_atencion
and look at the "values" list.
Hope this helps!
------------------------------
Howard Lu
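The two corrections from this reply applied to the failing condition, as an added example that is not part of the original post: drop the UI-only "type" key and replace a select field's label with its ID taken from the field definition's "values" list. The field definition below is constructed; its shape (an "input_type" key, and "value"/"label" keys on each entry of "values") and the IDs 1001 and 1002 are assumptions, so check them against what the Types endpoint returns on your server.

```python
# Constructed stand-in for the Types endpoint response for one field.
FIELD_DEFS = {
    "cola_de_atencion": {
        "input_type": "select",          # assumed key name
        "values": [                      # assumed entry shape
            {"value": 1001, "label": "CRMC"},
            {"value": 1002, "label": "SOC"},
        ],
    }
}

# The condition from the failing request quoted in the thread.
FAILING = {"method": "equals", "field_name": "properties.cola_de_atencion",
           "type": "string", "value": "CRMC"}

def select_value_id(field_def, label):
    """Return the ID whose label matches exactly; refuse ambiguous or
    unknown labels rather than sending a query that matches nothing."""
    ids = [v["value"] for v in field_def["values"] if v["label"] == label]
    if len(ids) != 1:
        raise LookupError(f"label {label!r} matched {len(ids)} values")
    return ids[0]

def normalize_condition(cond, field_defs):
    """Copy a condition without "type"; map select labels to IDs."""
    fixed = {k: v for k, v in cond.items() if k != "type"}
    # Custom fields are addressed as "properties.<name>" in queries, but
    # the field definitions here are keyed by the bare field name.
    name = fixed["field_name"].split(".", 1)[-1]
    field_def = field_defs.get(name)
    if (field_def and field_def.get("input_type") == "select"
            and isinstance(fixed["value"], str)):
        fixed["value"] = select_value_id(field_def, fixed["value"])
    return fixed

if __name__ == "__main__":
    print(normalize_condition(FAILING, FIELD_DEFS))
```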
Original Message:
Sent: Mon April 01, 2019 02:06 PM
From: Juan Cruz Del Col
Subject: API Query Examples
I have tried it and it works well with some fields, but I generate a field of type "selection" and it is not working for me.
Send:
{
  "filters": [
    {
      "conditions": [
        {
          "method": "equals",
          "field_name": "properties.cola_de_atencion",
          "type": "string",
          "value": "CRMC"
        }
      ]
    }
  ],
  "sorts": [
    {
      "field_name": "plan_status",
      "type": "desc"
    }
  ],
  "start": 0,
  "length": 0,
  "recordsTotal": 0
}
Response:
{ "success": false, "title": null, "message": "Invalid type specified in query for equals condition. Expected unknown, but received string. Value is CRMC.", "hints": [], "error_code": "generic"}
Any suggestions?
------------------------------
Juan Cruz Del Col
Original Message:
Sent: 03-20-2019 01:51 PM
From: Yongjian Feng
Subject: API Query Examples
Ah, I see.
Look at the example I gave below. The "filters" is a list of dict, not a dict.
==== Example =====
{
  "filters": [{
    "conditions": [
      {
        "field_name": "id",
        "method": "equals",
        "value": 2435
      },
      {
        "field_name": "properties.qradar_id",
        "method": "equals",
        "value": "23"
      }
    ]
  }]
}
------------------------------
Yongjian Feng
Original Message:
Sent: 03-20-2019 01:28 PM
From: Juan Cruz Del Col
Subject: API Query Examples
Yes, that's what I'm trying to do, but you know that I'm having an error when performing a test from the Postman:
------------------------------
Juan Cruz Del Col
Original Message:
Sent: 03-20-2019 01:04 PM
From: Yongjian Feng
Subject: API Query Examples
Hello Juan,
One easy way is to use our Interactive API (Help/Contact->Interactive REST API).
Then go down and click IncidentREST.
Click the query link:
The URL is shown there. You can try the REST API directly here.
Thanks,
------------------------------
Yongjian Feng
Software Developer
Resilient IBM
Original Message:
Sent: 03-20-2019 10:49 AM
From: Juan Cruz Del Col
Subject: API Query Examples
What is the URL to execute the query?
POST /orgs/{org_id}/incidents/query
I need to do something similar for a BI board.
------------------------------
Juan Cruz Del Col
Original Message:
Sent: 03-18-2019 12:07 PM
From: Yongjian Feng
Subject: API Query Examples
Also, in general it is better to use the query_paged endpoint. The query endpoint pulls all the incidents which could be huge. The query_paged endpoint gives you better control.
------------------------------
Yongjian Feng
Original Message:
Sent: 03-18-2019 10:20 AM
From: Yongjian Feng
Subject: API Query Examples
Hello Anilkumar,
Thanks for posting a question to this forum.
Yes, you can put multiple conditions into the data payload of a POST. As you might notice already, the "conditions" field is a json list of dictionaries. So you can put multiple dictionaries into the list. An example like this works:
{"filters":[{"conditions":[{"field_name":"id","method":"equals","value":2435},{"field_name":"properties.qradar_id","method":"equals","value":"23"}]}]}
Here we have two filters, one for the incident id, and one for a custom field called qradar_id. Two points here.
1. If it is a custom field, you need to use "properties._field_name", just like what is shown above for qradar_id.
2. Make sure you use the correct data type for the "value".
Also you can easily try this on interactive page (Help->Interactive REST API).
Thanks,
------------------------------
Yongjian Feng
Software Developer
Resilient IBM
Original Message:
Sent: 03-14-2019 05:39 PM
From: Anilkumar Kudidi
Subject: API Query Examples
Hi Folks, while using the Query endpoint in the API in Resilient, can we use multiple conditions using AND as outlined below?
Wondering if you have examples already that can be shared to review.
Please note that the query was tested with a single condition and works.
Thanks!
#1
{
  "filters": [{
    "conditions": [{
      "field_name": "plan_status",
      "method": "equals",
      "value": "C" AND
      "field_name": "inc_id",
      "method": "containedIn",
      "value": "(45678,47654,45694)"
    }]
  }],
  "sorts": [{
    "field_name": "name",
    "type": "asc"
  }]
}
#2
{
  "filters": [{
    "conditions": [{
      "field_name": "plan_status",
      "method": "equals",
      "value": "C" AND
      "field_name": "inc_id",
      "method": "equals",
      "value": "45678"
    }]
  }],
  "sorts": [{
    "field_name": "name",
    "type": "asc"
  }]
}
------------------------------
Anilkumar Kudidi
------------------------------