Query Alert Groups

Query Alert Groups
Query for Alert groups using one or more criteria specified in the Query Spec

Example: POST /api/alerts/group/{groupingCondition}/query

Request
URI
POST
https://{api_host}/suite-api/api/alerts/group/{groupingCondition}/query
COPY
Path Parameters
string
groupingCondition
Required

The condition to be used for grouping

Possible values are : GROUP_BY_ALERT_DEFINITION, GROUP_BY_RESOURCE_KIND, GROUP_BY_CRITICALITY, GROUP_BY_TIME, GROUP_BY_SCOPE,
Query Parameters
string
adapterKind
Optional

Adapter kind to be used for grouping alerts by SCOPE

string
resourceKind
Optional

Resource kind to be used for grouping alerts by SCOPE

string
resourceNameFilter
Optional

Filter based on alert resource name (Used only in SCOPE flow)

integer
page
Optional
Constraints: default: 0

Page number from which data needs to be displayed (0-based)

integer
pageSize
Optional
Constraints: default: 1000

Expected number of entries per page

Request Body

The alertQuery criteria

alert-query of type(s) application/json
Required 
"{\n  \"compositeOperator\" : \"AND\",\n  \"alertId\" : [ ],\n  \"resource-query\" : {\n    \"name\" : [ \"Windows2017VM\", \"Windows2018VM\" ],\n    \"regex\" : [ \"\\\\\\\\S+-BNA-\\\\\\\\S+\", null ],\n    \"adapterKind\" : [ \"VMWARE\" ],\n    \"resourceKind\" : [ \"HostSystem\" ],\n    \"resourceId\" : [ \"0d0f5c56-d8ba-4029-a59e-7f03adb18055\" ],\n    \"statKeyInclusive\" : true\n  },\n  \"activeOnly\" : true,\n  \"alertTypeSubtype\" : [ ],\n  \"alertCriticality\" : [ \"CRITICAL\", \"IMMEDIATE\", \"WARNING\", \"INFORMATION\" ],\n  \"alertStatus\" : [ ],\n  \"alertImpact\" : [ ],\n  \"alertControlState\" : [ ],\n  \"startTimeRange\" : {\n    \"startTime\" : 1753368185,\n    \"endTime\" : 1753378185\n  },\n  \"includeChildrenResources\" : true,\n  \"extractOwnerName\" : false\n}"
boolean
activeOnly
Optional

Filter to return only Active alerts, if true, the query will exclude Suspended and Cancelled Alerts

array of string
alertControlState
Optional

Filter based on the Alert Control State

Possible values are : OPEN, ASSIGNED, SUSPENDED, SUPPRESSED,
array of string
alertCriticality
Optional

Filter based on Alert Criticality

Possible values are : UNKNOWN, NONE, INFORMATION, WARNING, IMMEDIATE, CRITICAL, AUTO,
array of string
alertDefinitionId
Optional

Filter based on the Alert definition id

array of string
alertId
Optional

Filter based on Alert identifiers

array of string
alertImpact
Optional

Filter based on the Alert Impact

string
alertName
Optional

Filter based on Alert name using 'contains' logic

array of string
alertStatus
Optional

Filter based on the Alert Status. If looking for only active alerts combined
with other filter criteria then use the activeOnly property instead.

Possible values are : NEW, ACTIVE, UPDATED, CANCELED,
array of object
alertTypeSubtype
Optional

Filter based on Alert Type

object
cancelTimeRange
Optional

Filter based on matching UTC cancel time

string
compositeOperator
Optional

Operations for Composite Conditions

Possible values are : AND, OR,
boolean
extractOwnerName
Optional

Indicates whether need to report alert owner's name in addition to owner's id

string
groupId
Optional

Filter based on alert group id

string
groupingCondition
Optional

Indicates the alert grouping condition

Possible values are : GROUP_BY_ALERT_DEFINITION, GROUP_BY_RESOURCE_KIND, GROUP_BY_CRITICALITY, GROUP_BY_TIME, GROUP_BY_SCOPE,
boolean
includeChildrenResources
Optional

True to include alerts generated by child resources

object
resource-query
Optional

Object used to lookup resources with various filtering criteria

string
resourceKind
Optional

Filter based on resource kind using 'contains' logic

object
startTimeRange
Optional

Filter based on matching UTC cancel time

object
updateTimeRange
Optional

Filter based on matching UTC cancel time

string
userId
Optional

Filter based on user id

string
userName
Optional

Filter based on user name using 'contains' logic

Authentication
This operation uses the following authentication methods.
Responses
200

AlertGroups of alerts matching the specified Query Spec and grouped using specified grouping-condition(Collection can be empty)

Returns alert-groups of type(s) application/json 
"{\n  \"alertGroups\" : [ {\n    \"groupId\" : \"A-id\",\n    \"groupName\" : \"A\",\n    \"alertCount\" : 5,\n    \"maxCriticalityLevel\" : 3\n  }, {\n    \"groupId\" : \"B-id\",\n    \"groupName\" : \"B\",\n    \"alertCount\" : 5,\n    \"maxCriticalityLevel\" : 3\n  } ]\n}"
array of object
alertGroups
Optional

List of alert groups

array of object
links
Optional

Collection of links

object
pageInfo
Optional

Represents page information for a paged result


500

Error occurred while retrieving the AlertGroups

Operation doesn't return any data structure

Code Samples
COPY
                    curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{}' https://{api_host}/suite-api/api/alerts/group/{groupingCondition}/query
On This Page
Alerts Operations
GET
Get Alert Definitions
POST
Create Alert Definition
PUT
Update Alert Definition
POST
Query Alert Definitions
DELETE
Delete Alert Definition
GET
Get Alert Definition By Id
PUT
Disable Alert Definition In Policies
PUT
Enable Alert Definition In Policies
GET
Get Alerts
POST
Modify Alerts
DELETE
Delete Canceled Alerts
GET
Get Alert Contributing Symptoms
POST
Query Alert Groups
POST
Query Alert Notes
POST
Query Alert
GET
Get Alert Types
GET
Get Alert
GET
Get Alert Notes
POST
Add Alert Note
DELETE
Delete Alert Note
GET
Get Alert Note