Thank you 'Sean Mc Cann' and 'Burak' for your valuable feedback.
I finally achieved my objective using a circuits function; below is a summary of the query I used in the function.
import time

# Lower bound of the window: now minus 48 hours, as epoch milliseconds
ref_time = int(time.time() - 48 * 60 * 60) * 1000  # milliseconds
queryDTO = {'filters': [
    {'conditions': [
        {'field_name': 'name',
         'method': 'contains',
         'value': inc_name_input  # input received from workflow
         },
        {'field_name': 'end_date',
         'method': 'gte',
         'value': ref_time
         },
        {'field_name': 'plan_status',
         'method': 'equals',
         'value': 'C'
         }
    ]}]}
incidents = client.post("/incidents/query", queryDTO)
Thanks again for all your feedback.
------------------------------
Dastagirsab Mulla
------------------------------
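An added example (not part of the original post and not IBM's code) that wraps the query above in a builder with an injectable clock and checks the 48-hour boundary against constructed incidents. The names build_closed_query, matches and recent_closed_ids, the sample data, and the local contains/gte/equals semantics are assumptions made for illustration.

```python
import time


def build_closed_query(name_fragment, now_s=None, hours=48):
    """Build the query DTO from the post; now_s is injectable for testing."""
    if not isinstance(name_fragment, str) or not name_fragment.strip():
        raise ValueError("name fragment must be a non-empty string")
    now_s = time.time() if now_s is None else now_s
    ref_time = int(now_s - hours * 60 * 60) * 1000  # epoch milliseconds
    return {'filters': [{'conditions': [
        {'field_name': 'name', 'method': 'contains', 'value': name_fragment},
        {'field_name': 'end_date', 'method': 'gte', 'value': ref_time},
        {'field_name': 'plan_status', 'method': 'equals', 'value': 'C'},
    ]}]}


# Local stand-ins for the three methods used above. ASSUMPTION: plain
# substring / >= / == semantics; the server's matching rules may differ.
_METHODS = {
    'contains': lambda field, value: field is not None and value in field,
    'gte': lambda field, value: field is not None and field >= value,
    'equals': lambda field, value: field == value,
}


def matches(incident, query_dto):
    """True if the incident satisfies every condition of every filter."""
    return all(
        _METHODS[c['method']](incident.get(c['field_name']), c['value'])
        for f in query_dto['filters'] for c in f['conditions']
    )


# Constructed sample incidents (not real data); NOW is a fixed epoch second.
# 'A' is a constructed non-closed status; open incidents have no end_date.
NOW = 1613700000
H = 3600 * 1000
SAMPLE = [
    {'id': 1, 'name': 'Phishing - finance', 'plan_status': 'C', 'end_date': NOW * 1000 - 2 * H},
    {'id': 2, 'name': 'Phishing - hr', 'plan_status': 'C', 'end_date': NOW * 1000 - 48 * H},
    {'id': 3, 'name': 'Phishing - it', 'plan_status': 'C', 'end_date': NOW * 1000 - 49 * H},
    {'id': 4, 'name': 'Phishing - open', 'plan_status': 'A', 'end_date': None},
    {'id': 5, 'name': 'Malware', 'plan_status': 'C', 'end_date': NOW * 1000 - 1 * H},
]


def recent_closed_ids(name_fragment, incidents=SAMPLE, now_s=NOW):
    query = build_closed_query(name_fragment, now_s=now_s)
    return [i['id'] for i in incidents if matches(i, query)]
```

The DTO returned by build_closed_query has the same shape as the one posted to /incidents/query above; the local matcher is only a test double for checking the window arithmetic offline.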
Original Message:
Sent: Fri February 19, 2021 05:48 AM
From: Sean Mc Cann
Subject: query builder with time limit in Resilient Script
Hi,
The code provided by Burak should help with your use case, but like he said you are most likely experiencing a timeout because your script takes longer than 5 seconds to complete. If you don't mind, could you send me a private message with details of roughly how many incidents you have on your production system, is it 100, 1,000, 5,000, or 10,000+? It's possible there are some performance problems we could investigate.
Thank you,
------------------------------
Sean Mc Cann
Original Message:
Sent: Fri February 19, 2021 04:55 AM
From: Dastagirsab Mulla
Subject: query builder with time limit in Resilient Script
Thank you very much for your response. I will try this with a function in circuits.
------------------------------
Dastagirsab Mulla
Original Message:
Sent: Fri February 19, 2021 03:21 AM
From: Burak Karaduman
Subject: query builder with time limit in Resilient Script
Hello,
Which version of Resilient do you use? "import time" works with python3 in Resilient.
For more detail: https://community.ibm.com/community/user/security/blogs/ryan-gordon1/2020/12/18/python3-scripting-engine
---
There are some limits, like 5 seconds of execution or a maximum line count of 50000. If you have too many closed incidents in the last 48 hours, yes, it takes time. You can check the /var/log/resilient-scripting/resilient-scripting.log file to find the execution time of your script.
If you cannot solve the script execution time issue, you can do it with a function in circuits.
------------------------------
Burak Karaduman
Original Message:
Sent: Fri February 19, 2021 02:26 AM
From: Dastagirsab Mulla
Subject: query builder with time limit in Resilient Script
Thank you Burak,
It worked after a small change in the time import. I used the code below to get the time:
from java.util import Date
dt_now = Date()
time = dt_now.getTime()
My code works well in Pre Production, where we have fewer incidents, but it fails on production, maybe due to the large number of incidents. I am attaching the error here.
------------------------------
Dastagirsab Mulla
Original Message:
Sent: Thu February 18, 2021 04:04 PM
From: Burak Karaduman
Subject: query builder with time limit in Resilient Script
Hello Dastagir,
You could use the lines below.
import time
reference_time = int(time.time() - 48 * 60 * 60) * 1000  # milliseconds
query_builder.equals(fields.incident.plan_status, "C")  # closed incidents
query_builder.isGreaterThan(fields.incident.end_date, reference_time)  # in last 48 hours
query = query_builder.build()
closed_incidents = helper.findIncidents(query)
------------------------------
Burak Karaduman
Original Message:
Sent: Thu February 18, 2021 05:08 AM
From: Dastagirsab Mulla
Subject: query builder with time limit in Resilient Script
Hi,
I am trying to build a query which gets all the incidents closed in the last 48 hours. I can use status, but how can I also use time in this query to look up only the last 48 hours of incidents instead of searching all closed incidents?
query_builder.equals(fields.incident.plan_status, "C")
Please help if anyone has done this before.
Regards
Dastagir
------------------------------
Dastagirsab Mulla
------------------------------