Incidents¶
The incidents API provides the core functionality of searching ThirdEye incidents.
See the Incident Objects section for a description of the various objects consumed and returned by these APIs.
Incident.search¶
The Incidents.search method is the fundemental way of retrieving incidents from the server. Search supports many criteria, and the criteria can be combined to perform powerful searches.
| Parameter | Type | Description |
|---|---|---|
| pageData | Object | A PageData object defining the offset where retrieval should begin and page size |
| queries | Array | An array of query strings defining the search criteria |
| sortColumn | String | A string indicating the Incident object attribute the results should be sorted by |
| descending | Boolean | A boolean flag indicating whether results should be sorted in descending or ascending order |
Within the queries array, each query string contains a schema, followed by an equals sign, followed by the value of the search parameter.
Example: ["severity=CRITICAL", "hostname=web"]
| Scheme | Description |
|---|---|
| incidentId | The internal ID of the Incident |
| severity | The severity of the Incident |
| status | The status of the Incident |
| hostname | The hostname or hostname prefix of a device associated with the Incident |
| ipAddress | The IP address, or CIDR mask, of a device(s) associated with the Incident |
| start | Search Incidents where the specified value is >= the modified timestamp |
| end | Search Incidents where the specified value is <= the created timestamp |
Return: A PageData object¶
The PageData object that is returned will contain an attribute called incidents, which is an array of Incident objects. If the initial offset that is passed is zero (0), the returned PageData object will also contain a populated total attribute, telling you how many total results are available. By incrementing the offset by
pageSize you can retrieve subsequent pages of results. When offset + pageSize is greater than or equal to total there are no more results available.
Sample Request JSON:¶
{
"jsonrpc": "2.0",
"method": "Incidents.search",
"params": {
"pageData": {
"offset": 0,
"pageSize": 100
},
"queries": ["severity=CRITICAL", "hostname=web"],
"sortColumn": "modified",
"descending": true
},
"id": 1
}
Incident.getIncidentById¶
The Incidents.getIncidentById method returns an Incident object as described below, or null if the requested Incident does not exist.
| Parameter | Type | Description |
|---|---|---|
| incidentId | Integer | The internal ID of the Incident |
Return: An Incident object or null¶
Incident Objects¶
Incident¶
| Field | Type | Description |
|---|---|---|
| incidentId | Int | The internal Incident ID of the device |
| summary | String | The generated or edited summary of the Incident |
| severity | String | NONE,DEBUG,INFORMATIONAL,NOTICE,WARNING,ERROR,CRITICAL,ALERT,EMERGENCY |
| priority | String | LOW,MEDIUM,HIGH |
| status | String | OPEN,RESOLVED,WORKING,DEFERRED |
| resolution | String | PENDING,FIXED,EXPECTED,TRANSIENT |
| assignee | String | The username of the user assigned to the Incident |
| clearState | String | NOT_CLEARED,CLEARING,CLEARED |
| created | Date | The timestamp of when the Incident was created |
| modified | Date | The timestamp of when the Incident was last modified |
| resolved | Date | The timestamp of when the Incident was resolved |
| nodes | Int | The number of nodes associated with the Incident |
| triggers | Int | The number of triggers associated with the Incident |
| occurrences | Int | The number of occurrences associated with the Incident |
PageData¶
| Attribute | Type | Description |
|---|---|---|
| offset | Integer | The starting offset in the results to begin retrieving pageSize number of Incident objects. This value is required when PageData is used as a parameter. |
| pageSize | Integer | The maximum number of Incident objects to retrieve in a single method call. This value is required when PageData is used as a parameter. |
| total | Integer | This value is set and retrieved from the server when an offset of zero (0) is passed. This indicates the total number of Incident objects available. This value is ignored when PageData is used as a parameter. |
| incidents | Array | An array of Incident objects. This value is ignored when PageData is used as a parameter. |