
Getting empty results when using REST api query (ESM)

I'm using ESM (version 9.5.2, appliance)

I'm trying to integrate with the REST API to fetch and query events in the SIEM.
I'm using the qryExecuteDetail API with a simple query (no filters) to test that I can fetch all events.

But I always get this in the response body:

{"return": {
    "attributeColumn": 0,
    "countColumn": 0,
    "drilldownColumn": 1,
    "groupByString": "",
    "labelColumn": 0,
    "resultID": {"value": 140532958030616},
    "startTime": "03\/01\/2016 00:00:00",
    "stopTime": "03\/02\/2016 00:00:00",
    "totalResultID": {"value": 0},
    "totalRows": 0
}}

Then, if I try to use the qryGetResults API to fetch the results (using the last resultID), I get a 400 response code and this error in the body:

ERROR_QueryResultNotAvailable (238)

Any idea what I'm doing wrong?

2 Replies

Re: Getting empty results when using REST api query (ESM)

Did you ever find an answer to this problem?

Currently have the same issue in 9.6.1

Re: Getting empty results when using REST api query (ESM)

I was getting the same issue. Check the following:

1) Poll the API to see if your results are ready (using qryGetStatus).

2) Once your results are ready, proceed to fetch them. However, bear in mind that you can't "exit" your logon session with the API and then get the results: they only last as long as your session.

So if you want to get your results, you need to set up some sort of "while" loop in your script that will check qryGetStatus until a 100% value is reached, then fetch the results, all in the same scriptblock. That solved the issue for me, although I'm working with ESM 10.0.3.
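
The poll-then-fetch loop described in the reply above, as an added example that is not part of the original thread or McAfee's own code. The `post` helper, the request body shapes and the `percentComplete` field name are assumptions, and `FakeEsmSession` is a constructed stand-in so the loop runs without an appliance.

```python
import time

class QueryNotReady(Exception):
    """Stands in for the HTTP 400 ERROR_QueryResultNotAvailable (238) reply."""

def fetch_query_results(post, query, poll_interval=2.0, timeout=300.0, sleep=time.sleep):
    """Run a query, wait for it to finish, and fetch the rows.

    `post(method, body)` is a hypothetical helper that must send every call
    over the SAME logged-in session and return the decoded "return" object.
    """
    result_id = post("qryExecuteDetail", query)["resultID"]
    waited = 0.0
    while True:
        status = post("qryGetStatus", {"resultID": result_id})
        if status.get("percentComplete", 0) >= 100:  # assumed field name
            break
        if waited >= timeout:
            raise TimeoutError(f"query {result_id} not finished after {waited:.0f}s")
        sleep(poll_interval)
        waited += poll_interval
    # Still the same session: the result ID is valid only while it is open.
    return post("qryGetResults", {"resultID": result_id})

class FakeEsmSession:
    """Constructed stand-in for one ESM login session (no network traffic)."""
    def __init__(self, polls_until_ready=3):
        self._polls_left = polls_until_ready
        self._result_id = None
        self.calls = []

    def post(self, method, body):
        self.calls.append(method)
        if method == "qryExecuteDetail":
            self._result_id = {"value": 1}  # constructed ID
            return {"resultID": self._result_id, "totalRows": 0}
        if body.get("resultID") != self._result_id:
            raise QueryNotReady("result ID unknown to this session")
        if method == "qryGetStatus":
            self._polls_left = max(0, self._polls_left - 1)
            return {"percentComplete": 100 if self._polls_left == 0 else 50}
        if method == "qryGetResults" and self._polls_left == 0:
            return {"rows": [["constructed event 1"], ["constructed event 2"]]}
        raise QueryNotReady("ERROR_QueryResultNotAvailable (238)")

if __name__ == "__main__":
    session = FakeEsmSession()
    print(fetch_query_results(session.post, {}, sleep=lambda s: None))
```

Against a real appliance, `post` would wrap one authenticated HTTP session that stays logged in for the whole call.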
