Original Message:
Sent: Tue April 23, 2024 04:18 PM
From: Mark Scherfling
Subject: SOAR API performance issue
This query is looking for the value 3267 within datatables. Try the query value "".
------------------------------
Mark Scherfling
Original Message:
Sent: Tue April 23, 2024 03:35 PM
From: Aya Elsayed
Subject: SOAR API performance issue
Thanks for your help
do you know why this query didn't get results, however i'm sure that id have data
------------------------------
Aya Elsayed
Original Message:
Sent: Tue April 23, 2024 11:35 AM
From: Mark Scherfling
Subject: SOAR API performance issue
You may be able to do what you want via the /search_ex API call. This API call can refer to multiple incident IDs and you can target which types of objects (ex. datatables) to return. Refer to the filters and conditions payload to specify how to restrict the data returned. Here's an example payload. I don't know if the condition for incident.id can support a 'contains' list of Ids. I suspect you would then need multiple conditions, one for each incident. The value for <search value> is what you'd search for. In this case, you really don't want to search a particular value. So, maybe try an empty string (""). This may need some playing around to get correct.
Good luck.
{
"query": "<search value>",
"org_id": 203,
"filters": {
"incident": [
{
"conditions": [
{
"field_name": "id",
"method": "equals",
"value": 2176
}
]
}
]
},
"types": [
"datatable"
]
}
------------------------------
Mark Scherfling
Original Message:
Sent: Tue April 23, 2024 09:55 AM
From: Aya Elsayed
Subject: SOAR API performance issue
Hello Mark,
We try to move to the EPM environment, we faced a critical issue here
our mission is to fetch all the incident id from that first api link
"https://csim.resilientsystems.com/rest/orgs/201/incidents/query_paged?field_handle=-1&return_level=full"
then push each id to fetch its related data from that second api link
"https://csim.resilientsystems.com/rest/orgs/201/incidents/{id}/table_data?handle_format=names"
the problem here is the number of ids around 10k so we will hit the second api 10k and that will take a long time and there is naturally a chance that this data can be lost or that an instability occurs to the api server
our thoughts is there are some types of api have batch calls, in which you can pass via payload all the items you want to fetch. So for example, in a payload you can list all IDs in one single api call. In this way, one API call will be able to fetch this data in seconds
the question is that second api has this feature or not?
or is that applicable to be achieved by any way or not?
------------------------------
Aya Elsayed
Original Message:
Sent: Tue April 23, 2024 09:33 AM
From: Mark Scherfling
Subject: SOAR API performance issue
Hi Aya,
I assume you're referring to the GET method for retrieving the contents of a datatable. This API call retrieves the entire contents of the datatable, which can be a very large result set. There is no way to limit the results returned.
If you're looking for a solution to this issue or another change, I suggest the best way to request those changes is by submitting an enhancement in our ideas portal: https://ideas.ibm.com/.
Hope this helps.
------------------------------
Mark Scherfling
Original Message:
Sent: Mon April 22, 2024 09:41 AM
From: Aya Elsayed
Subject: SOAR API performance issue
I have a performance issues with the current approach that the SOAR API follows to requests data tables (members and assets associated to the incident) which is not optimized for multiple requests.
So we need to know if they provide a better way to perform this API calls without performance impact allowing to do some sort of "bulk" request to those data tables associated to an incident.
The mentioned API link:
"https://csim.resilientsystems.com/rest/orgs/201/incidents/{id}/table_data?handle_format=names"
------------------------------
Aya Elsayed
------------------------------